mirror of
https://github.com/goauthentik/authentik
synced 2026-04-25 17:15:26 +02:00
24edee3e78
* flows: add warning message for expired password reset links Fixes #21306 * Replace token expiry check with REQUIRE_TOKEN authentication requirement Incorporate review comments to move expired/invalid token handling from executor-level check to flow planner authentication requirement. This avoids disclosing whether a token ever existed and handles already-cleaned-up tokens. * The fix was changing gettext_lazy to gettext * remove unneeded migration Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update form Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
16131 lines
669 KiB
JSON
16131 lines
669 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/draft-07/schema",
|
|
"$id": "https://goauthentik.io/blueprints/schema.json",
|
|
"type": "object",
|
|
"title": "authentik 2026.5.0-rc1 Blueprint schema",
|
|
"required": [
|
|
"version",
|
|
"entries"
|
|
],
|
|
"properties": {
|
|
"version": {
|
|
"$id": "#/properties/version",
|
|
"type": "integer",
|
|
"title": "Blueprint version",
|
|
"default": 1
|
|
},
|
|
"metadata": {
|
|
"$id": "#/properties/metadata",
|
|
"type": "object",
|
|
"required": [
|
|
"name"
|
|
],
|
|
"properties": {
|
|
"name": {
|
|
"type": "string"
|
|
},
|
|
"labels": {
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"context": {
|
|
"$id": "#/properties/context",
|
|
"type": "object",
|
|
"additionalProperties": true
|
|
},
|
|
"entries": {
|
|
"anyOf": [
|
|
{
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/$defs/blueprint_entry"
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"additionalProperties": {
|
|
"type": "array",
|
|
"items": {
|
|
"$ref": "#/$defs/blueprint_entry"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"$defs": {
|
|
"blueprint_entry": {
|
|
"oneOf": [
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_blueprints.blueprintinstance"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_blueprints.blueprintinstance_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_blueprints.blueprintinstance"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_blueprints.blueprintinstance"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_blueprints.metaapplyblueprint"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_blueprints.metaapplyblueprint_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_blueprints.metaapplyblueprint"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_brands.brand"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_brands.brand_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_brands.brand"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_brands.brand"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_core.application"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_core.application_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_core.application"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_core.application"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_core.applicationentitlement"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_core.applicationentitlement_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_core.applicationentitlement"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_core.applicationentitlement"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_core.group"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_core.group_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_core.group"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_core.group"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_core.token"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_core.token_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_core.token"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_core.token"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_core.user"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_core.user_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_core.user"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_core.user"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_crypto.certificatekeypair"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_crypto.certificatekeypair_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_crypto.certificatekeypair"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_crypto.certificatekeypair"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints_connectors_agent.agentconnector"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.agentconnector_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.agentconnector"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.agentconnector"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints_connectors_agent.agentdeviceuserbinding"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.agentdeviceuserbinding_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.agentdeviceuserbinding"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.agentdeviceuserbinding"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints_connectors_agent.enrollmenttoken"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.enrollmenttoken_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.enrollmenttoken"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_agent.enrollmenttoken"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints.deviceaccessgroup"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.deviceaccessgroup_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.deviceaccessgroup"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.deviceaccessgroup"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints.deviceuserbinding"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.deviceuserbinding_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.deviceuserbinding"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.deviceuserbinding"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints.endpointstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.endpointstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.endpointstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints.endpointstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints_connectors_fleet.fleetconnector"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_fleet.fleetconnector_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_fleet.fleetconnector"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_fleet.fleetconnector"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_endpoints_connectors_google_chrome.googlechromeconnector"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_google_chrome.googlechromeconnector_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_google_chrome.googlechromeconnector"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_endpoints_connectors_google_chrome.googlechromeconnector"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_lifecycle.lifecycleiteration"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.lifecycleiteration_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.lifecycleiteration"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.lifecycleiteration"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_lifecycle.lifecyclerule"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.lifecyclerule_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.lifecyclerule"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.lifecyclerule"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_lifecycle.review"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.review_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.review"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_lifecycle.review"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_enterprise.license"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_enterprise.license_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_enterprise.license"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_enterprise.license"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_unique_password.uniquepasswordpolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_unique_password.uniquepasswordpolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_unique_password.uniquepasswordpolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_unique_password.uniquepasswordpolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_google_workspace.googleworkspaceprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_google_workspace.googleworkspaceprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_google_workspace.googleworkspaceprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_google_workspace.googleworkspaceprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_google_workspace.googleworkspaceprovidermapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_google_workspace.googleworkspaceprovidermapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_google_workspace.googleworkspaceprovidermapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_google_workspace.googleworkspaceprovidermapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_microsoft_entra.microsoftentraprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_microsoft_entra.microsoftentraprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_microsoft_entra.microsoftentraprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_microsoft_entra.microsoftentraprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_microsoft_entra.microsoftentraprovidermapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_microsoft_entra.microsoftentraprovidermapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_microsoft_entra.microsoftentraprovidermapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_microsoft_entra.microsoftentraprovidermapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_ssf.ssfprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_ssf.ssfprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_ssf.ssfprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_ssf.ssfprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_ws_federation.wsfederationprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_ws_federation.wsfederationprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_ws_federation.wsfederationprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_ws_federation.wsfederationprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_reports.dataexport"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_reports.dataexport_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_reports.dataexport"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_reports.dataexport"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_mtls.mutualtlsstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_mtls.mutualtlsstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_mtls.mutualtlsstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_mtls.mutualtlsstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_source.sourcestage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_source.sourcestage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_source.sourcestage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_source.sourcestage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_events.event"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_events.event_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_events.event"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_events.event"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_events.notification"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_events.notification_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_events.notification"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_events.notification"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_events.notificationrule"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationrule_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationrule"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationrule"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_events.notificationtransport"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationtransport_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationtransport"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationtransport"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_events.notificationwebhookmapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationwebhookmapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationwebhookmapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_events.notificationwebhookmapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_flows.flow"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_flows.flow_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_flows.flow"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_flows.flow"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_flows.flowstagebinding"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_flows.flowstagebinding_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_flows.flowstagebinding"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_flows.flowstagebinding"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_outposts.dockerserviceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_outposts.dockerserviceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_outposts.kubernetesserviceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_outposts.kubernetesserviceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_outposts.outpost"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_outposts.outpost_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_outposts.outpost"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_outposts.outpost"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_dummy.dummypolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_dummy.dummypolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_event_matcher.eventmatcherpolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_event_matcher.eventmatcherpolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_expiry.passwordexpirypolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_expiry.passwordexpirypolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_expression.expressionpolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_expression.expressionpolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_expression.expressionpolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_expression.expressionpolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_geoip.geoippolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_geoip.geoippolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_geoip.geoippolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_geoip.geoippolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies.policybinding"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies.policybinding_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies.policybinding"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies.policybinding"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_password.passwordpolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_password.passwordpolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_password.passwordpolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_password.passwordpolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_policies_reputation.reputationpolicy"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_policies_reputation.reputationpolicy"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_ldap.ldapprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_ldap.ldapprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_oauth2.oauth2provider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_oauth2.oauth2provider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_oauth2.oauth2provider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_oauth2.oauth2provider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_oauth2.scopemapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_oauth2.scopemapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_proxy.proxyprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_proxy.proxyprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_rac.endpoint"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.endpoint_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.endpoint"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.endpoint"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_rac.racpropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.racpropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_rac.racprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.racprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.racprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_rac.racprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_radius.radiusprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_radius.radiusprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_radius.radiusprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_radius.radiusprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_radius.radiusproviderpropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_radius.radiusproviderpropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_radius.radiusproviderpropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_radius.radiusproviderpropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_saml.samlpropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_saml.samlpropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_saml.samlpropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_saml.samlpropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_saml.samlprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_saml.samlprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_saml.samlprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_saml.samlprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_scim.scimmapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_scim.scimmapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_scim.scimmapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_scim.scimmapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_providers_scim.scimprovider"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_providers_scim.scimprovider_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_providers_scim.scimprovider"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_providers_scim.scimprovider"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_rbac.initialpermissions"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_rbac.initialpermissions_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_rbac.initialpermissions"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_rbac.initialpermissions"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_rbac.role"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_rbac.role_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_rbac.role"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_rbac.role"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_kerberos.groupkerberossourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.groupkerberossourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.groupkerberossourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.groupkerberossourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_kerberos.kerberossource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.kerberossource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.kerberossource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.kerberossource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_kerberos.kerberossourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.kerberossourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.kerberossourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.kerberossourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_kerberos.userkerberossourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.userkerberossourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.userkerberossourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_kerberos.userkerberossourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_ldap.groupldapsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.groupldapsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.groupldapsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.groupldapsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_ldap.ldapsource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_ldap.ldapsourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.ldapsourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_ldap.userldapsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.userldapsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.userldapsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_ldap.userldapsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_oauth.groupoauthsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.groupoauthsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.groupoauthsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.groupoauthsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_oauth.oauthsource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.oauthsource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.oauthsource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.oauthsource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_oauth.oauthsourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.oauthsourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.oauthsourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.oauthsourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_oauth.useroauthsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_oauth.useroauthsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_plex.groupplexsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.groupplexsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.groupplexsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.groupplexsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_plex.plexsource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.plexsource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.plexsource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.plexsource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_plex.plexsourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.plexsourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.plexsourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.plexsourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_plex.userplexsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.userplexsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.userplexsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_plex.userplexsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_saml.groupsamlsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.groupsamlsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.groupsamlsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.groupsamlsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_saml.samlsource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.samlsource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.samlsource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.samlsource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_saml.samlsourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.samlsourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.samlsourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.samlsourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_saml.usersamlsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_saml.usersamlsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_scim.scimsource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_scim.scimsource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_scim.scimsource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_scim.scimsource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_scim.scimsourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_scim.scimsourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_scim.scimsourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_scim.scimsourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_telegram.grouptelegramsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.grouptelegramsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.grouptelegramsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.grouptelegramsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_telegram.telegramsource"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.telegramsource_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.telegramsource"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.telegramsource"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_telegram.telegramsourcepropertymapping"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.telegramsourcepropertymapping_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.telegramsourcepropertymapping"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.telegramsourcepropertymapping"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_sources_telegram.usertelegramsourceconnection"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.usertelegramsourceconnection_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.usertelegramsourceconnection"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_sources_telegram.usertelegramsourceconnection"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_duo.authenticatorduostage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_duo.authenticatorduostage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_duo.duodevice"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_duo.duodevice"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_email.authenticatoremailstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_email.authenticatoremailstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_email.authenticatoremailstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_email.authenticatoremailstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_email.emaildevice"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_email.emaildevice_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_email.emaildevice"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_email.emaildevice"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_sms.authenticatorsmsstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_sms.authenticatorsmsstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_sms.smsdevice"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_sms.smsdevice_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_sms.smsdevice"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_sms.smsdevice"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_static.authenticatorstaticstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_static.authenticatorstaticstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_static.staticdevice"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_static.staticdevice_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_static.staticdevice"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_static.staticdevice"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_totp.authenticatortotpstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_totp.authenticatortotpstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_totp.totpdevice"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_totp.totpdevice_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_totp.totpdevice"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_totp.totpdevice"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_validate.authenticatorvalidatestage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_validate.authenticatorvalidatestage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_webauthn.authenticatorwebauthnstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatorwebauthnstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatorwebauthnstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.authenticatorwebauthnstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_authenticator_webauthn.webauthndevice"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_authenticator_webauthn.webauthndevice"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_captcha.captchastage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_captcha.captchastage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_captcha.captchastage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_captcha.captchastage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_consent.consentstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_consent.consentstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_consent.consentstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_consent.consentstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_deny.denystage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_deny.denystage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_deny.denystage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_deny.denystage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_dummy.dummystage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_dummy.dummystage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_dummy.dummystage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_dummy.dummystage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_email.emailstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_email.emailstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_email.emailstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_email.emailstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_identification.identificationstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_identification.identificationstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_identification.identificationstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_identification.identificationstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_invitation.invitation"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_invitation.invitation_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_invitation.invitation"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_invitation.invitation"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_invitation.invitationstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_invitation.invitationstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_invitation.invitationstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_invitation.invitationstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_password.passwordstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_password.passwordstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_password.passwordstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_password.passwordstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_prompt.prompt"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_prompt.prompt_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_prompt.prompt"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_prompt.prompt"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_prompt.promptstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_prompt.promptstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_prompt.promptstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_prompt.promptstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_redirect.redirectstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_redirect.redirectstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_redirect.redirectstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_redirect.redirectstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_user_delete.userdeletestage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_delete.userdeletestage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_user_login.userloginstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_login.userloginstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_login.userloginstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_login.userloginstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_user_logout.userlogoutstage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_logout.userlogoutstage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_stages_user_write.userwritestage"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_write.userwritestage_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_write.userwritestage"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_stages_user_write.userwritestage"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_tasks_schedules.schedule"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_tasks_schedules.schedule_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_tasks_schedules.schedule"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_tasks_schedules.schedule"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"type": "object",
|
|
"required": [
|
|
"model",
|
|
"identifiers"
|
|
],
|
|
"properties": {
|
|
"model": {
|
|
"const": "authentik_tenants.domain"
|
|
},
|
|
"id": {
|
|
"type": "string"
|
|
},
|
|
"state": {
|
|
"type": "string",
|
|
"enum": [
|
|
"absent",
|
|
"created",
|
|
"must_created",
|
|
"present"
|
|
],
|
|
"default": "present"
|
|
},
|
|
"conditions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "boolean"
|
|
}
|
|
},
|
|
"permissions": {
|
|
"$ref": "#/$defs/model_authentik_tenants.domain_permissions"
|
|
},
|
|
"attrs": {
|
|
"$ref": "#/$defs/model_authentik_tenants.domain"
|
|
},
|
|
"identifiers": {
|
|
"$ref": "#/$defs/model_authentik_tenants.domain"
|
|
}
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"model_authentik_blueprints.blueprintinstance": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"path": {
|
|
"type": "string",
|
|
"title": "Path"
|
|
},
|
|
"context": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Context"
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"content": {
|
|
"type": "string",
|
|
"title": "Content"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_blueprints.blueprintinstance_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_blueprintinstance",
|
|
"change_blueprintinstance",
|
|
"delete_blueprintinstance",
|
|
"view_blueprintinstance"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_blueprints.metaapplyblueprint": {
|
|
"type": "object",
|
|
"properties": {
|
|
"identifiers": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Identifiers"
|
|
},
|
|
"required": {
|
|
"type": "boolean",
|
|
"title": "Required"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_blueprints.metaapplyblueprint_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_metaapplyblueprint",
|
|
"change_metaapplyblueprint",
|
|
"delete_metaapplyblueprint",
|
|
"view_metaapplyblueprint"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_brands.brand": {
|
|
"type": "object",
|
|
"properties": {
|
|
"domain": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Domain",
|
|
"description": "Domain that activates this brand. Can be a superset, i.e. `a.b` for `aa.b` and `ba.b`"
|
|
},
|
|
"default": {
|
|
"type": "boolean",
|
|
"title": "Default"
|
|
},
|
|
"branding_title": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Branding title"
|
|
},
|
|
"branding_logo": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Branding logo"
|
|
},
|
|
"branding_favicon": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Branding favicon"
|
|
},
|
|
"branding_custom_css": {
|
|
"type": "string",
|
|
"title": "Branding custom css"
|
|
},
|
|
"branding_default_flow_background": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Branding default flow background"
|
|
},
|
|
"flow_authentication": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow authentication"
|
|
},
|
|
"flow_invalidation": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow invalidation"
|
|
},
|
|
"flow_recovery": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow recovery"
|
|
},
|
|
"flow_unenrollment": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow unenrollment"
|
|
},
|
|
"flow_user_settings": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow user settings"
|
|
},
|
|
"flow_device_code": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow device code"
|
|
},
|
|
"default_application": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Default application",
|
|
"description": "When set, external users will be redirected to this application after authenticating."
|
|
},
|
|
"web_certificate": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Web certificate",
|
|
"description": "Web Certificate used by the authentik Core webserver."
|
|
},
|
|
"client_certificates": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Certificates used for client authentication."
|
|
},
|
|
"title": "Client certificates",
|
|
"description": "Certificates used for client authentication."
|
|
},
|
|
"attributes": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Attributes"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_brands.brand_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_brand",
|
|
"change_brand",
|
|
"delete_brand",
|
|
"view_brand"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_core.application": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Application's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal application name, used in URLs."
|
|
},
|
|
"provider": {
|
|
"type": "integer",
|
|
"title": "Provider"
|
|
},
|
|
"backchannel_providers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Backchannel providers"
|
|
},
|
|
"open_in_new_tab": {
|
|
"type": "boolean",
|
|
"title": "Open in new tab",
|
|
"description": "Open launch URL in a new browser tab or window."
|
|
},
|
|
"meta_launch_url": {
|
|
"type": "string",
|
|
"title": "Meta launch url"
|
|
},
|
|
"meta_icon": {
|
|
"type": "string",
|
|
"title": "Meta icon"
|
|
},
|
|
"meta_description": {
|
|
"type": "string",
|
|
"title": "Meta description"
|
|
},
|
|
"meta_publisher": {
|
|
"type": "string",
|
|
"title": "Meta publisher"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"group": {
|
|
"type": "string",
|
|
"title": "Group"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Icon"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_core.application_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_application",
|
|
"change_application",
|
|
"delete_application",
|
|
"view_application"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_core.applicationentitlement": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"app": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "App"
|
|
},
|
|
"attributes": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Attributes"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_core.applicationentitlement_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_applicationentitlement",
|
|
"change_applicationentitlement",
|
|
"delete_applicationentitlement",
|
|
"view_applicationentitlement"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_core.group": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"is_superuser": {
|
|
"type": "boolean",
|
|
"title": "Is superuser",
|
|
"description": "Users added to this group will be superusers."
|
|
},
|
|
"parents": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Parents"
|
|
},
|
|
"users": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Users"
|
|
},
|
|
"attributes": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Attributes"
|
|
},
|
|
"roles": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Roles"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_core.group_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_group",
|
|
"add_user_to_group",
|
|
"change_group",
|
|
"delete_group",
|
|
"disable_group_superuser",
|
|
"enable_group_superuser",
|
|
"remove_user_from_group",
|
|
"view_group"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_core.token": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"maxLength": 255,
|
|
"minLength": 1,
|
|
"pattern": "^[-a-zA-Z0-9_]+$",
|
|
"title": "Identifier"
|
|
},
|
|
"intent": {
|
|
"type": "string",
|
|
"enum": [
|
|
"verification",
|
|
"api",
|
|
"recovery",
|
|
"app_password"
|
|
],
|
|
"title": "Intent"
|
|
},
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"description": {
|
|
"type": "string",
|
|
"title": "Description"
|
|
},
|
|
"expires": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"format": "date-time",
|
|
"title": "Expires"
|
|
},
|
|
"expiring": {
|
|
"type": "boolean",
|
|
"title": "Expiring"
|
|
},
|
|
"key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Key"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_core.token_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_token",
|
|
"change_token",
|
|
"delete_token",
|
|
"set_token_key",
|
|
"view_token",
|
|
"view_token_key"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_core.user": {
|
|
"type": "object",
|
|
"properties": {
|
|
"username": {
|
|
"type": "string",
|
|
"maxLength": 150,
|
|
"minLength": 1,
|
|
"title": "Username"
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"title": "Name",
|
|
"description": "User's display name."
|
|
},
|
|
"is_active": {
|
|
"type": "boolean",
|
|
"title": "Active",
|
|
"description": "Designates whether this user should be treated as active. Unselect this instead of deleting accounts."
|
|
},
|
|
"last_login": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"format": "date-time",
|
|
"title": "Last login"
|
|
},
|
|
"groups": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Groups"
|
|
},
|
|
"roles": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Roles"
|
|
},
|
|
"email": {
|
|
"type": "string",
|
|
"format": "email",
|
|
"maxLength": 254,
|
|
"title": "Email address"
|
|
},
|
|
"attributes": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Attributes"
|
|
},
|
|
"path": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Path"
|
|
},
|
|
"type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"internal",
|
|
"external",
|
|
"service_account",
|
|
"internal_service_account"
|
|
],
|
|
"title": "Type"
|
|
},
|
|
"password": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Password"
|
|
},
|
|
"permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authentik_blueprints.add_blueprintinstance",
|
|
"authentik_blueprints.change_blueprintinstance",
|
|
"authentik_blueprints.delete_blueprintinstance",
|
|
"authentik_blueprints.view_blueprintinstance",
|
|
"authentik_brands.add_brand",
|
|
"authentik_brands.change_brand",
|
|
"authentik_brands.delete_brand",
|
|
"authentik_brands.view_brand",
|
|
"authentik_core.add_application",
|
|
"authentik_core.add_applicationentitlement",
|
|
"authentik_core.add_authenticatedsession",
|
|
"authentik_core.add_group",
|
|
"authentik_core.add_groupancestrynode",
|
|
"authentik_core.add_groupparentagenode",
|
|
"authentik_core.add_groupsourceconnection",
|
|
"authentik_core.add_propertymapping",
|
|
"authentik_core.add_provider",
|
|
"authentik_core.add_source",
|
|
"authentik_core.add_token",
|
|
"authentik_core.add_user",
|
|
"authentik_core.add_user_to_group",
|
|
"authentik_core.add_usersourceconnection",
|
|
"authentik_core.change_application",
|
|
"authentik_core.change_applicationentitlement",
|
|
"authentik_core.change_authenticatedsession",
|
|
"authentik_core.change_group",
|
|
"authentik_core.change_groupancestrynode",
|
|
"authentik_core.change_groupparentagenode",
|
|
"authentik_core.change_groupsourceconnection",
|
|
"authentik_core.change_propertymapping",
|
|
"authentik_core.change_provider",
|
|
"authentik_core.change_source",
|
|
"authentik_core.change_token",
|
|
"authentik_core.change_user",
|
|
"authentik_core.change_usersourceconnection",
|
|
"authentik_core.delete_application",
|
|
"authentik_core.delete_applicationentitlement",
|
|
"authentik_core.delete_authenticatedsession",
|
|
"authentik_core.delete_group",
|
|
"authentik_core.delete_groupancestrynode",
|
|
"authentik_core.delete_groupparentagenode",
|
|
"authentik_core.delete_groupsourceconnection",
|
|
"authentik_core.delete_propertymapping",
|
|
"authentik_core.delete_provider",
|
|
"authentik_core.delete_source",
|
|
"authentik_core.delete_token",
|
|
"authentik_core.delete_user",
|
|
"authentik_core.delete_usersourceconnection",
|
|
"authentik_core.disable_group_superuser",
|
|
"authentik_core.enable_group_superuser",
|
|
"authentik_core.impersonate",
|
|
"authentik_core.preview_user",
|
|
"authentik_core.remove_user_from_group",
|
|
"authentik_core.reset_user_password",
|
|
"authentik_core.set_token_key",
|
|
"authentik_core.view_application",
|
|
"authentik_core.view_applicationentitlement",
|
|
"authentik_core.view_authenticatedsession",
|
|
"authentik_core.view_group",
|
|
"authentik_core.view_groupancestrynode",
|
|
"authentik_core.view_groupparentagenode",
|
|
"authentik_core.view_groupsourceconnection",
|
|
"authentik_core.view_propertymapping",
|
|
"authentik_core.view_provider",
|
|
"authentik_core.view_source",
|
|
"authentik_core.view_token",
|
|
"authentik_core.view_token_key",
|
|
"authentik_core.view_user",
|
|
"authentik_core.view_user_applications",
|
|
"authentik_core.view_usersourceconnection",
|
|
"authentik_crypto.add_certificatekeypair",
|
|
"authentik_crypto.change_certificatekeypair",
|
|
"authentik_crypto.delete_certificatekeypair",
|
|
"authentik_crypto.view_certificatekeypair",
|
|
"authentik_crypto.view_certificatekeypair_certificate",
|
|
"authentik_crypto.view_certificatekeypair_key",
|
|
"authentik_endpoints.add_connector",
|
|
"authentik_endpoints.add_device",
|
|
"authentik_endpoints.add_deviceaccessgroup",
|
|
"authentik_endpoints.add_deviceconnection",
|
|
"authentik_endpoints.add_devicefactsnapshot",
|
|
"authentik_endpoints.add_deviceuserbinding",
|
|
"authentik_endpoints.add_endpointstage",
|
|
"authentik_endpoints.change_connector",
|
|
"authentik_endpoints.change_device",
|
|
"authentik_endpoints.change_deviceaccessgroup",
|
|
"authentik_endpoints.change_deviceconnection",
|
|
"authentik_endpoints.change_devicefactsnapshot",
|
|
"authentik_endpoints.change_deviceuserbinding",
|
|
"authentik_endpoints.change_endpointstage",
|
|
"authentik_endpoints.delete_connector",
|
|
"authentik_endpoints.delete_device",
|
|
"authentik_endpoints.delete_deviceaccessgroup",
|
|
"authentik_endpoints.delete_deviceconnection",
|
|
"authentik_endpoints.delete_devicefactsnapshot",
|
|
"authentik_endpoints.delete_deviceuserbinding",
|
|
"authentik_endpoints.delete_endpointstage",
|
|
"authentik_endpoints.view_connector",
|
|
"authentik_endpoints.view_device",
|
|
"authentik_endpoints.view_deviceaccessgroup",
|
|
"authentik_endpoints.view_deviceconnection",
|
|
"authentik_endpoints.view_devicefactsnapshot",
|
|
"authentik_endpoints.view_deviceuserbinding",
|
|
"authentik_endpoints.view_endpointstage",
|
|
"authentik_endpoints_connectors_agent.add_agentconnector",
|
|
"authentik_endpoints_connectors_agent.add_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.add_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.add_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.add_applenonce",
|
|
"authentik_endpoints_connectors_agent.add_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.add_devicetoken",
|
|
"authentik_endpoints_connectors_agent.add_enrollmenttoken",
|
|
"authentik_endpoints_connectors_agent.change_agentconnector",
|
|
"authentik_endpoints_connectors_agent.change_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.change_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.change_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.change_applenonce",
|
|
"authentik_endpoints_connectors_agent.change_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.change_devicetoken",
|
|
"authentik_endpoints_connectors_agent.change_enrollmenttoken",
|
|
"authentik_endpoints_connectors_agent.delete_agentconnector",
|
|
"authentik_endpoints_connectors_agent.delete_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.delete_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.delete_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.delete_applenonce",
|
|
"authentik_endpoints_connectors_agent.delete_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.delete_devicetoken",
|
|
"authentik_endpoints_connectors_agent.delete_enrollmenttoken",
|
|
"authentik_endpoints_connectors_agent.view_agentconnector",
|
|
"authentik_endpoints_connectors_agent.view_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.view_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.view_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.view_applenonce",
|
|
"authentik_endpoints_connectors_agent.view_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.view_devicetoken",
|
|
"authentik_endpoints_connectors_agent.view_enrollment_token_key",
|
|
"authentik_endpoints_connectors_agent.view_enrollmenttoken",
|
|
"authentik_endpoints_connectors_fleet.add_fleetconnector",
|
|
"authentik_endpoints_connectors_fleet.change_fleetconnector",
|
|
"authentik_endpoints_connectors_fleet.delete_fleetconnector",
|
|
"authentik_endpoints_connectors_fleet.view_fleetconnector",
|
|
"authentik_endpoints_connectors_google_chrome.add_googlechromeconnector",
|
|
"authentik_endpoints_connectors_google_chrome.change_googlechromeconnector",
|
|
"authentik_endpoints_connectors_google_chrome.delete_googlechromeconnector",
|
|
"authentik_endpoints_connectors_google_chrome.view_googlechromeconnector",
|
|
"authentik_enterprise.add_license",
|
|
"authentik_enterprise.add_licenseusage",
|
|
"authentik_enterprise.change_license",
|
|
"authentik_enterprise.change_licenseusage",
|
|
"authentik_enterprise.delete_license",
|
|
"authentik_enterprise.delete_licenseusage",
|
|
"authentik_enterprise.view_license",
|
|
"authentik_enterprise.view_licenseusage",
|
|
"authentik_events.add_event",
|
|
"authentik_events.add_notification",
|
|
"authentik_events.add_notificationrule",
|
|
"authentik_events.add_notificationtransport",
|
|
"authentik_events.add_notificationwebhookmapping",
|
|
"authentik_events.change_event",
|
|
"authentik_events.change_notification",
|
|
"authentik_events.change_notificationrule",
|
|
"authentik_events.change_notificationtransport",
|
|
"authentik_events.change_notificationwebhookmapping",
|
|
"authentik_events.delete_event",
|
|
"authentik_events.delete_notification",
|
|
"authentik_events.delete_notificationrule",
|
|
"authentik_events.delete_notificationtransport",
|
|
"authentik_events.delete_notificationwebhookmapping",
|
|
"authentik_events.view_event",
|
|
"authentik_events.view_notification",
|
|
"authentik_events.view_notificationrule",
|
|
"authentik_events.view_notificationtransport",
|
|
"authentik_events.view_notificationwebhookmapping",
|
|
"authentik_flows.add_flow",
|
|
"authentik_flows.add_flowstagebinding",
|
|
"authentik_flows.add_flowtoken",
|
|
"authentik_flows.add_stage",
|
|
"authentik_flows.change_flow",
|
|
"authentik_flows.change_flowstagebinding",
|
|
"authentik_flows.change_flowtoken",
|
|
"authentik_flows.change_stage",
|
|
"authentik_flows.clear_flow_cache",
|
|
"authentik_flows.delete_flow",
|
|
"authentik_flows.delete_flowstagebinding",
|
|
"authentik_flows.delete_flowtoken",
|
|
"authentik_flows.delete_stage",
|
|
"authentik_flows.export_flow",
|
|
"authentik_flows.inspect_flow",
|
|
"authentik_flows.view_flow",
|
|
"authentik_flows.view_flow_cache",
|
|
"authentik_flows.view_flowstagebinding",
|
|
"authentik_flows.view_flowtoken",
|
|
"authentik_flows.view_stage",
|
|
"authentik_lifecycle.add_lifecycleiteration",
|
|
"authentik_lifecycle.add_lifecyclerule",
|
|
"authentik_lifecycle.add_review",
|
|
"authentik_lifecycle.change_lifecycleiteration",
|
|
"authentik_lifecycle.change_lifecyclerule",
|
|
"authentik_lifecycle.change_review",
|
|
"authentik_lifecycle.delete_lifecycleiteration",
|
|
"authentik_lifecycle.delete_lifecyclerule",
|
|
"authentik_lifecycle.delete_review",
|
|
"authentik_lifecycle.view_lifecycleiteration",
|
|
"authentik_lifecycle.view_lifecyclerule",
|
|
"authentik_lifecycle.view_review",
|
|
"authentik_outposts.add_dockerserviceconnection",
|
|
"authentik_outposts.add_kubernetesserviceconnection",
|
|
"authentik_outposts.add_outpost",
|
|
"authentik_outposts.add_outpostserviceconnection",
|
|
"authentik_outposts.change_dockerserviceconnection",
|
|
"authentik_outposts.change_kubernetesserviceconnection",
|
|
"authentik_outposts.change_outpost",
|
|
"authentik_outposts.change_outpostserviceconnection",
|
|
"authentik_outposts.delete_dockerserviceconnection",
|
|
"authentik_outposts.delete_kubernetesserviceconnection",
|
|
"authentik_outposts.delete_outpost",
|
|
"authentik_outposts.delete_outpostserviceconnection",
|
|
"authentik_outposts.view_dockerserviceconnection",
|
|
"authentik_outposts.view_kubernetesserviceconnection",
|
|
"authentik_outposts.view_outpost",
|
|
"authentik_outposts.view_outpostserviceconnection",
|
|
"authentik_policies.add_policy",
|
|
"authentik_policies.add_policybinding",
|
|
"authentik_policies.add_policybindingmodel",
|
|
"authentik_policies.change_policy",
|
|
"authentik_policies.change_policybinding",
|
|
"authentik_policies.change_policybindingmodel",
|
|
"authentik_policies.clear_policy_cache",
|
|
"authentik_policies.delete_policy",
|
|
"authentik_policies.delete_policybinding",
|
|
"authentik_policies.delete_policybindingmodel",
|
|
"authentik_policies.view_policy",
|
|
"authentik_policies.view_policy_cache",
|
|
"authentik_policies.view_policybinding",
|
|
"authentik_policies.view_policybindingmodel",
|
|
"authentik_policies_dummy.add_dummypolicy",
|
|
"authentik_policies_dummy.change_dummypolicy",
|
|
"authentik_policies_dummy.delete_dummypolicy",
|
|
"authentik_policies_dummy.view_dummypolicy",
|
|
"authentik_policies_event_matcher.add_eventmatcherpolicy",
|
|
"authentik_policies_event_matcher.change_eventmatcherpolicy",
|
|
"authentik_policies_event_matcher.delete_eventmatcherpolicy",
|
|
"authentik_policies_event_matcher.view_eventmatcherpolicy",
|
|
"authentik_policies_expiry.add_passwordexpirypolicy",
|
|
"authentik_policies_expiry.change_passwordexpirypolicy",
|
|
"authentik_policies_expiry.delete_passwordexpirypolicy",
|
|
"authentik_policies_expiry.view_passwordexpirypolicy",
|
|
"authentik_policies_expression.add_expressionpolicy",
|
|
"authentik_policies_expression.change_expressionpolicy",
|
|
"authentik_policies_expression.delete_expressionpolicy",
|
|
"authentik_policies_expression.view_expressionpolicy",
|
|
"authentik_policies_geoip.add_geoippolicy",
|
|
"authentik_policies_geoip.change_geoippolicy",
|
|
"authentik_policies_geoip.delete_geoippolicy",
|
|
"authentik_policies_geoip.view_geoippolicy",
|
|
"authentik_policies_password.add_passwordpolicy",
|
|
"authentik_policies_password.change_passwordpolicy",
|
|
"authentik_policies_password.delete_passwordpolicy",
|
|
"authentik_policies_password.view_passwordpolicy",
|
|
"authentik_policies_reputation.add_reputation",
|
|
"authentik_policies_reputation.add_reputationpolicy",
|
|
"authentik_policies_reputation.change_reputation",
|
|
"authentik_policies_reputation.change_reputationpolicy",
|
|
"authentik_policies_reputation.delete_reputation",
|
|
"authentik_policies_reputation.delete_reputationpolicy",
|
|
"authentik_policies_reputation.view_reputation",
|
|
"authentik_policies_reputation.view_reputationpolicy",
|
|
"authentik_policies_unique_password.add_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.add_userpasswordhistory",
|
|
"authentik_policies_unique_password.change_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.change_userpasswordhistory",
|
|
"authentik_policies_unique_password.delete_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.delete_userpasswordhistory",
|
|
"authentik_policies_unique_password.view_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.view_userpasswordhistory",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovideruser",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovideruser",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovideruser",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovideruser",
|
|
"authentik_providers_ldap.add_ldapprovider",
|
|
"authentik_providers_ldap.change_ldapprovider",
|
|
"authentik_providers_ldap.delete_ldapprovider",
|
|
"authentik_providers_ldap.search_full_directory",
|
|
"authentik_providers_ldap.view_ldapprovider",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovideruser",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovideruser",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovideruser",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovideruser",
|
|
"authentik_providers_oauth2.add_accesstoken",
|
|
"authentik_providers_oauth2.add_authorizationcode",
|
|
"authentik_providers_oauth2.add_devicetoken",
|
|
"authentik_providers_oauth2.add_oauth2provider",
|
|
"authentik_providers_oauth2.add_refreshtoken",
|
|
"authentik_providers_oauth2.add_scopemapping",
|
|
"authentik_providers_oauth2.change_accesstoken",
|
|
"authentik_providers_oauth2.change_authorizationcode",
|
|
"authentik_providers_oauth2.change_devicetoken",
|
|
"authentik_providers_oauth2.change_oauth2provider",
|
|
"authentik_providers_oauth2.change_refreshtoken",
|
|
"authentik_providers_oauth2.change_scopemapping",
|
|
"authentik_providers_oauth2.delete_accesstoken",
|
|
"authentik_providers_oauth2.delete_authorizationcode",
|
|
"authentik_providers_oauth2.delete_devicetoken",
|
|
"authentik_providers_oauth2.delete_oauth2provider",
|
|
"authentik_providers_oauth2.delete_refreshtoken",
|
|
"authentik_providers_oauth2.delete_scopemapping",
|
|
"authentik_providers_oauth2.view_accesstoken",
|
|
"authentik_providers_oauth2.view_authorizationcode",
|
|
"authentik_providers_oauth2.view_devicetoken",
|
|
"authentik_providers_oauth2.view_oauth2provider",
|
|
"authentik_providers_oauth2.view_refreshtoken",
|
|
"authentik_providers_oauth2.view_scopemapping",
|
|
"authentik_providers_proxy.add_proxyprovider",
|
|
"authentik_providers_proxy.add_proxysession",
|
|
"authentik_providers_proxy.change_proxyprovider",
|
|
"authentik_providers_proxy.change_proxysession",
|
|
"authentik_providers_proxy.delete_proxyprovider",
|
|
"authentik_providers_proxy.delete_proxysession",
|
|
"authentik_providers_proxy.view_proxyprovider",
|
|
"authentik_providers_proxy.view_proxysession",
|
|
"authentik_providers_rac.add_connectiontoken",
|
|
"authentik_providers_rac.add_endpoint",
|
|
"authentik_providers_rac.add_racpropertymapping",
|
|
"authentik_providers_rac.add_racprovider",
|
|
"authentik_providers_rac.change_connectiontoken",
|
|
"authentik_providers_rac.change_endpoint",
|
|
"authentik_providers_rac.change_racpropertymapping",
|
|
"authentik_providers_rac.change_racprovider",
|
|
"authentik_providers_rac.delete_connectiontoken",
|
|
"authentik_providers_rac.delete_endpoint",
|
|
"authentik_providers_rac.delete_racpropertymapping",
|
|
"authentik_providers_rac.delete_racprovider",
|
|
"authentik_providers_rac.view_connectiontoken",
|
|
"authentik_providers_rac.view_endpoint",
|
|
"authentik_providers_rac.view_racpropertymapping",
|
|
"authentik_providers_rac.view_racprovider",
|
|
"authentik_providers_radius.add_radiusprovider",
|
|
"authentik_providers_radius.add_radiusproviderpropertymapping",
|
|
"authentik_providers_radius.change_radiusprovider",
|
|
"authentik_providers_radius.change_radiusproviderpropertymapping",
|
|
"authentik_providers_radius.delete_radiusprovider",
|
|
"authentik_providers_radius.delete_radiusproviderpropertymapping",
|
|
"authentik_providers_radius.view_radiusprovider",
|
|
"authentik_providers_radius.view_radiusproviderpropertymapping",
|
|
"authentik_providers_saml.add_samlpropertymapping",
|
|
"authentik_providers_saml.add_samlprovider",
|
|
"authentik_providers_saml.add_samlsession",
|
|
"authentik_providers_saml.change_samlpropertymapping",
|
|
"authentik_providers_saml.change_samlprovider",
|
|
"authentik_providers_saml.change_samlsession",
|
|
"authentik_providers_saml.delete_samlpropertymapping",
|
|
"authentik_providers_saml.delete_samlprovider",
|
|
"authentik_providers_saml.delete_samlsession",
|
|
"authentik_providers_saml.view_samlpropertymapping",
|
|
"authentik_providers_saml.view_samlprovider",
|
|
"authentik_providers_saml.view_samlsession",
|
|
"authentik_providers_scim.add_scimmapping",
|
|
"authentik_providers_scim.add_scimprovider",
|
|
"authentik_providers_scim.add_scimprovidergroup",
|
|
"authentik_providers_scim.add_scimprovideruser",
|
|
"authentik_providers_scim.change_scimmapping",
|
|
"authentik_providers_scim.change_scimprovider",
|
|
"authentik_providers_scim.change_scimprovidergroup",
|
|
"authentik_providers_scim.change_scimprovideruser",
|
|
"authentik_providers_scim.delete_scimmapping",
|
|
"authentik_providers_scim.delete_scimprovider",
|
|
"authentik_providers_scim.delete_scimprovidergroup",
|
|
"authentik_providers_scim.delete_scimprovideruser",
|
|
"authentik_providers_scim.view_scimmapping",
|
|
"authentik_providers_scim.view_scimprovider",
|
|
"authentik_providers_scim.view_scimprovidergroup",
|
|
"authentik_providers_scim.view_scimprovideruser",
|
|
"authentik_providers_ssf.add_ssfprovider",
|
|
"authentik_providers_ssf.add_stream",
|
|
"authentik_providers_ssf.add_streamevent",
|
|
"authentik_providers_ssf.change_ssfprovider",
|
|
"authentik_providers_ssf.change_stream",
|
|
"authentik_providers_ssf.change_streamevent",
|
|
"authentik_providers_ssf.delete_ssfprovider",
|
|
"authentik_providers_ssf.delete_stream",
|
|
"authentik_providers_ssf.delete_streamevent",
|
|
"authentik_providers_ssf.view_ssfprovider",
|
|
"authentik_providers_ssf.view_stream",
|
|
"authentik_providers_ssf.view_streamevent",
|
|
"authentik_providers_ws_federation.add_wsfederationprovider",
|
|
"authentik_providers_ws_federation.change_wsfederationprovider",
|
|
"authentik_providers_ws_federation.delete_wsfederationprovider",
|
|
"authentik_providers_ws_federation.view_wsfederationprovider",
|
|
"authentik_rbac.access_admin_interface",
|
|
"authentik_rbac.add_initialpermissions",
|
|
"authentik_rbac.add_role",
|
|
"authentik_rbac.assign_role_permissions",
|
|
"authentik_rbac.change_initialpermissions",
|
|
"authentik_rbac.change_role",
|
|
"authentik_rbac.delete_initialpermissions",
|
|
"authentik_rbac.delete_role",
|
|
"authentik_rbac.edit_system_settings",
|
|
"authentik_rbac.manage_media_files",
|
|
"authentik_rbac.unassign_role_permissions",
|
|
"authentik_rbac.view_initialpermissions",
|
|
"authentik_rbac.view_media_files",
|
|
"authentik_rbac.view_role",
|
|
"authentik_rbac.view_system_info",
|
|
"authentik_rbac.view_system_settings",
|
|
"authentik_reports.add_dataexport",
|
|
"authentik_reports.change_dataexport",
|
|
"authentik_reports.delete_dataexport",
|
|
"authentik_reports.view_dataexport",
|
|
"authentik_sources_kerberos.add_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.add_kerberossource",
|
|
"authentik_sources_kerberos.add_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.add_userkerberossourceconnection",
|
|
"authentik_sources_kerberos.change_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.change_kerberossource",
|
|
"authentik_sources_kerberos.change_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.change_userkerberossourceconnection",
|
|
"authentik_sources_kerberos.delete_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.delete_kerberossource",
|
|
"authentik_sources_kerberos.delete_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.delete_userkerberossourceconnection",
|
|
"authentik_sources_kerberos.view_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.view_kerberossource",
|
|
"authentik_sources_kerberos.view_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.view_userkerberossourceconnection",
|
|
"authentik_sources_ldap.add_groupldapsourceconnection",
|
|
"authentik_sources_ldap.add_ldapsource",
|
|
"authentik_sources_ldap.add_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.add_userldapsourceconnection",
|
|
"authentik_sources_ldap.change_groupldapsourceconnection",
|
|
"authentik_sources_ldap.change_ldapsource",
|
|
"authentik_sources_ldap.change_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.change_userldapsourceconnection",
|
|
"authentik_sources_ldap.delete_groupldapsourceconnection",
|
|
"authentik_sources_ldap.delete_ldapsource",
|
|
"authentik_sources_ldap.delete_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.delete_userldapsourceconnection",
|
|
"authentik_sources_ldap.view_groupldapsourceconnection",
|
|
"authentik_sources_ldap.view_ldapsource",
|
|
"authentik_sources_ldap.view_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.view_userldapsourceconnection",
|
|
"authentik_sources_oauth.add_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.add_oauthsource",
|
|
"authentik_sources_oauth.add_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.add_useroauthsourceconnection",
|
|
"authentik_sources_oauth.change_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.change_oauthsource",
|
|
"authentik_sources_oauth.change_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.change_useroauthsourceconnection",
|
|
"authentik_sources_oauth.delete_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.delete_oauthsource",
|
|
"authentik_sources_oauth.delete_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.delete_useroauthsourceconnection",
|
|
"authentik_sources_oauth.view_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.view_oauthsource",
|
|
"authentik_sources_oauth.view_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.view_useroauthsourceconnection",
|
|
"authentik_sources_plex.add_groupplexsourceconnection",
|
|
"authentik_sources_plex.add_plexsource",
|
|
"authentik_sources_plex.add_plexsourcepropertymapping",
|
|
"authentik_sources_plex.add_userplexsourceconnection",
|
|
"authentik_sources_plex.change_groupplexsourceconnection",
|
|
"authentik_sources_plex.change_plexsource",
|
|
"authentik_sources_plex.change_plexsourcepropertymapping",
|
|
"authentik_sources_plex.change_userplexsourceconnection",
|
|
"authentik_sources_plex.delete_groupplexsourceconnection",
|
|
"authentik_sources_plex.delete_plexsource",
|
|
"authentik_sources_plex.delete_plexsourcepropertymapping",
|
|
"authentik_sources_plex.delete_userplexsourceconnection",
|
|
"authentik_sources_plex.view_groupplexsourceconnection",
|
|
"authentik_sources_plex.view_plexsource",
|
|
"authentik_sources_plex.view_plexsourcepropertymapping",
|
|
"authentik_sources_plex.view_userplexsourceconnection",
|
|
"authentik_sources_saml.add_groupsamlsourceconnection",
|
|
"authentik_sources_saml.add_samlsource",
|
|
"authentik_sources_saml.add_samlsourcepropertymapping",
|
|
"authentik_sources_saml.add_usersamlsourceconnection",
|
|
"authentik_sources_saml.change_groupsamlsourceconnection",
|
|
"authentik_sources_saml.change_samlsource",
|
|
"authentik_sources_saml.change_samlsourcepropertymapping",
|
|
"authentik_sources_saml.change_usersamlsourceconnection",
|
|
"authentik_sources_saml.delete_groupsamlsourceconnection",
|
|
"authentik_sources_saml.delete_samlsource",
|
|
"authentik_sources_saml.delete_samlsourcepropertymapping",
|
|
"authentik_sources_saml.delete_usersamlsourceconnection",
|
|
"authentik_sources_saml.view_groupsamlsourceconnection",
|
|
"authentik_sources_saml.view_samlsource",
|
|
"authentik_sources_saml.view_samlsourcepropertymapping",
|
|
"authentik_sources_saml.view_usersamlsourceconnection",
|
|
"authentik_sources_scim.add_scimsource",
|
|
"authentik_sources_scim.add_scimsourcegroup",
|
|
"authentik_sources_scim.add_scimsourcepropertymapping",
|
|
"authentik_sources_scim.add_scimsourceuser",
|
|
"authentik_sources_scim.change_scimsource",
|
|
"authentik_sources_scim.change_scimsourcegroup",
|
|
"authentik_sources_scim.change_scimsourcepropertymapping",
|
|
"authentik_sources_scim.change_scimsourceuser",
|
|
"authentik_sources_scim.delete_scimsource",
|
|
"authentik_sources_scim.delete_scimsourcegroup",
|
|
"authentik_sources_scim.delete_scimsourcepropertymapping",
|
|
"authentik_sources_scim.delete_scimsourceuser",
|
|
"authentik_sources_scim.view_scimsource",
|
|
"authentik_sources_scim.view_scimsourcegroup",
|
|
"authentik_sources_scim.view_scimsourcepropertymapping",
|
|
"authentik_sources_scim.view_scimsourceuser",
|
|
"authentik_sources_telegram.add_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.add_telegramsource",
|
|
"authentik_sources_telegram.add_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.add_usertelegramsourceconnection",
|
|
"authentik_sources_telegram.change_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.change_telegramsource",
|
|
"authentik_sources_telegram.change_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.change_usertelegramsourceconnection",
|
|
"authentik_sources_telegram.delete_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.delete_telegramsource",
|
|
"authentik_sources_telegram.delete_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.delete_usertelegramsourceconnection",
|
|
"authentik_sources_telegram.view_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.view_telegramsource",
|
|
"authentik_sources_telegram.view_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.view_usertelegramsourceconnection",
|
|
"authentik_stages_authenticator_duo.add_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.add_duodevice",
|
|
"authentik_stages_authenticator_duo.change_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.change_duodevice",
|
|
"authentik_stages_authenticator_duo.delete_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.delete_duodevice",
|
|
"authentik_stages_authenticator_duo.view_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.view_duodevice",
|
|
"authentik_stages_authenticator_email.add_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.add_emaildevice",
|
|
"authentik_stages_authenticator_email.change_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.change_emaildevice",
|
|
"authentik_stages_authenticator_email.delete_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.delete_emaildevice",
|
|
"authentik_stages_authenticator_email.view_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.view_emaildevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.add_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.add_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.add_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_endpoint_gdtc.change_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.change_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.change_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_endpoint_gdtc.delete_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.delete_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.delete_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_endpoint_gdtc.view_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.view_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.view_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_sms.add_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.add_smsdevice",
|
|
"authentik_stages_authenticator_sms.change_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.change_smsdevice",
|
|
"authentik_stages_authenticator_sms.delete_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.delete_smsdevice",
|
|
"authentik_stages_authenticator_sms.view_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.view_smsdevice",
|
|
"authentik_stages_authenticator_static.add_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.add_staticdevice",
|
|
"authentik_stages_authenticator_static.add_statictoken",
|
|
"authentik_stages_authenticator_static.change_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.change_staticdevice",
|
|
"authentik_stages_authenticator_static.change_statictoken",
|
|
"authentik_stages_authenticator_static.delete_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.delete_staticdevice",
|
|
"authentik_stages_authenticator_static.delete_statictoken",
|
|
"authentik_stages_authenticator_static.view_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.view_staticdevice",
|
|
"authentik_stages_authenticator_static.view_statictoken",
|
|
"authentik_stages_authenticator_totp.add_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.add_totpdevice",
|
|
"authentik_stages_authenticator_totp.change_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.change_totpdevice",
|
|
"authentik_stages_authenticator_totp.delete_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.delete_totpdevice",
|
|
"authentik_stages_authenticator_totp.view_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.view_totpdevice",
|
|
"authentik_stages_authenticator_validate.add_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_validate.change_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_validate.delete_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_validate.view_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_webauthn.add_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.add_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.add_webauthndevicetype",
|
|
"authentik_stages_authenticator_webauthn.change_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.change_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.change_webauthndevicetype",
|
|
"authentik_stages_authenticator_webauthn.delete_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.delete_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.delete_webauthndevicetype",
|
|
"authentik_stages_authenticator_webauthn.view_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.view_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.view_webauthndevicetype",
|
|
"authentik_stages_captcha.add_captchastage",
|
|
"authentik_stages_captcha.change_captchastage",
|
|
"authentik_stages_captcha.delete_captchastage",
|
|
"authentik_stages_captcha.view_captchastage",
|
|
"authentik_stages_consent.add_consentstage",
|
|
"authentik_stages_consent.add_userconsent",
|
|
"authentik_stages_consent.change_consentstage",
|
|
"authentik_stages_consent.change_userconsent",
|
|
"authentik_stages_consent.delete_consentstage",
|
|
"authentik_stages_consent.delete_userconsent",
|
|
"authentik_stages_consent.view_consentstage",
|
|
"authentik_stages_consent.view_userconsent",
|
|
"authentik_stages_deny.add_denystage",
|
|
"authentik_stages_deny.change_denystage",
|
|
"authentik_stages_deny.delete_denystage",
|
|
"authentik_stages_deny.view_denystage",
|
|
"authentik_stages_dummy.add_dummystage",
|
|
"authentik_stages_dummy.change_dummystage",
|
|
"authentik_stages_dummy.delete_dummystage",
|
|
"authentik_stages_dummy.view_dummystage",
|
|
"authentik_stages_email.add_emailstage",
|
|
"authentik_stages_email.change_emailstage",
|
|
"authentik_stages_email.delete_emailstage",
|
|
"authentik_stages_email.view_emailstage",
|
|
"authentik_stages_identification.add_identificationstage",
|
|
"authentik_stages_identification.change_identificationstage",
|
|
"authentik_stages_identification.delete_identificationstage",
|
|
"authentik_stages_identification.view_identificationstage",
|
|
"authentik_stages_invitation.add_invitation",
|
|
"authentik_stages_invitation.add_invitationstage",
|
|
"authentik_stages_invitation.change_invitation",
|
|
"authentik_stages_invitation.change_invitationstage",
|
|
"authentik_stages_invitation.delete_invitation",
|
|
"authentik_stages_invitation.delete_invitationstage",
|
|
"authentik_stages_invitation.view_invitation",
|
|
"authentik_stages_invitation.view_invitationstage",
|
|
"authentik_stages_mtls.add_mutualtlsstage",
|
|
"authentik_stages_mtls.change_mutualtlsstage",
|
|
"authentik_stages_mtls.delete_mutualtlsstage",
|
|
"authentik_stages_mtls.pass_outpost_certificate",
|
|
"authentik_stages_mtls.view_mutualtlsstage",
|
|
"authentik_stages_password.add_passwordstage",
|
|
"authentik_stages_password.change_passwordstage",
|
|
"authentik_stages_password.delete_passwordstage",
|
|
"authentik_stages_password.view_passwordstage",
|
|
"authentik_stages_prompt.add_prompt",
|
|
"authentik_stages_prompt.add_promptstage",
|
|
"authentik_stages_prompt.change_prompt",
|
|
"authentik_stages_prompt.change_promptstage",
|
|
"authentik_stages_prompt.delete_prompt",
|
|
"authentik_stages_prompt.delete_promptstage",
|
|
"authentik_stages_prompt.view_prompt",
|
|
"authentik_stages_prompt.view_promptstage",
|
|
"authentik_stages_redirect.add_redirectstage",
|
|
"authentik_stages_redirect.change_redirectstage",
|
|
"authentik_stages_redirect.delete_redirectstage",
|
|
"authentik_stages_redirect.view_redirectstage",
|
|
"authentik_stages_source.add_sourcestage",
|
|
"authentik_stages_source.change_sourcestage",
|
|
"authentik_stages_source.delete_sourcestage",
|
|
"authentik_stages_source.view_sourcestage",
|
|
"authentik_stages_user_delete.add_userdeletestage",
|
|
"authentik_stages_user_delete.change_userdeletestage",
|
|
"authentik_stages_user_delete.delete_userdeletestage",
|
|
"authentik_stages_user_delete.view_userdeletestage",
|
|
"authentik_stages_user_login.add_userloginstage",
|
|
"authentik_stages_user_login.change_userloginstage",
|
|
"authentik_stages_user_login.delete_userloginstage",
|
|
"authentik_stages_user_login.view_userloginstage",
|
|
"authentik_stages_user_logout.add_userlogoutstage",
|
|
"authentik_stages_user_logout.change_userlogoutstage",
|
|
"authentik_stages_user_logout.delete_userlogoutstage",
|
|
"authentik_stages_user_logout.view_userlogoutstage",
|
|
"authentik_stages_user_write.add_userwritestage",
|
|
"authentik_stages_user_write.change_userwritestage",
|
|
"authentik_stages_user_write.delete_userwritestage",
|
|
"authentik_stages_user_write.view_userwritestage",
|
|
"authentik_tasks.retry_task",
|
|
"authentik_tasks.view_task",
|
|
"authentik_tasks_schedules.change_schedule",
|
|
"authentik_tasks_schedules.send_schedule",
|
|
"authentik_tasks_schedules.view_schedule",
|
|
"authentik_tenants.add_domain",
|
|
"authentik_tenants.add_tenant",
|
|
"authentik_tenants.change_domain",
|
|
"authentik_tenants.change_tenant",
|
|
"authentik_tenants.delete_domain",
|
|
"authentik_tenants.delete_tenant",
|
|
"authentik_tenants.view_domain",
|
|
"authentik_tenants.view_tenant"
|
|
]
|
|
},
|
|
"title": "Permissions"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_core.user_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_user",
|
|
"change_user",
|
|
"delete_user",
|
|
"impersonate",
|
|
"preview_user",
|
|
"reset_user_password",
|
|
"view_user",
|
|
"view_user_applications"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_crypto.certificatekeypair": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"certificate_data": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Certificate data",
|
|
"description": "PEM-encoded Certificate data"
|
|
},
|
|
"key_data": {
|
|
"type": "string",
|
|
"title": "Key data",
|
|
"description": "Optional Private Key. If this is set, you can use this keypair for encryption."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_crypto.certificatekeypair_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_certificatekeypair",
|
|
"change_certificatekeypair",
|
|
"delete_certificatekeypair",
|
|
"view_certificatekeypair",
|
|
"view_certificatekeypair_certificate",
|
|
"view_certificatekeypair_key"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints_connectors_agent.agentconnector": {
|
|
"type": "object",
|
|
"properties": {
|
|
"connector_uuid": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Connector uuid"
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"snapshot_expiry": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Snapshot expiry"
|
|
},
|
|
"auth_session_duration": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Auth session duration"
|
|
},
|
|
"auth_terminate_session_on_expiry": {
|
|
"type": "boolean",
|
|
"title": "Auth terminate session on expiry"
|
|
},
|
|
"refresh_interval": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Refresh interval"
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow"
|
|
},
|
|
"nss_uid_offset": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Nss uid offset"
|
|
},
|
|
"nss_gid_offset": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Nss gid offset"
|
|
},
|
|
"challenge_key": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Challenge key"
|
|
},
|
|
"challenge_idle_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Challenge idle timeout"
|
|
},
|
|
"challenge_trigger_check_in": {
|
|
"type": "boolean",
|
|
"title": "Challenge trigger check in"
|
|
},
|
|
"jwt_federation_providers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Jwt federation providers"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints_connectors_agent.agentconnector_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_agentconnector",
|
|
"change_agentconnector",
|
|
"delete_agentconnector",
|
|
"view_agentconnector"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints_connectors_agent.agentdeviceuserbinding": {
|
|
"type": "object",
|
|
"properties": {
|
|
"policy": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Policy"
|
|
},
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"target": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Target"
|
|
},
|
|
"negate": {
|
|
"type": "boolean",
|
|
"title": "Negate",
|
|
"description": "Negates the outcome of the policy. Messages are unaffected."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"order": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Order"
|
|
},
|
|
"timeout": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Timeout",
|
|
"description": "Timeout after which Policy execution is terminated."
|
|
},
|
|
"failure_result": {
|
|
"type": "boolean",
|
|
"title": "Failure result",
|
|
"description": "Result if the Policy execution fails."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints_connectors_agent.agentdeviceuserbinding_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_agentdeviceuserbinding",
|
|
"change_agentdeviceuserbinding",
|
|
"delete_agentdeviceuserbinding",
|
|
"view_agentdeviceuserbinding"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints_connectors_agent.enrollmenttoken": {
|
|
"type": "object",
|
|
"properties": {
|
|
"device_group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Device group"
|
|
},
|
|
"connector": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Connector"
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expiring": {
|
|
"type": "boolean",
|
|
"title": "Expiring"
|
|
},
|
|
"expires": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"format": "date-time",
|
|
"title": "Expires"
|
|
},
|
|
"key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Key"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints_connectors_agent.enrollmenttoken_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_enrollmenttoken",
|
|
"change_enrollmenttoken",
|
|
"delete_enrollmenttoken",
|
|
"view_enrollment_token_key",
|
|
"view_enrollmenttoken"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints.deviceaccessgroup": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"attributes": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Attributes"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints.deviceaccessgroup_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_deviceaccessgroup",
|
|
"change_deviceaccessgroup",
|
|
"delete_deviceaccessgroup",
|
|
"view_deviceaccessgroup"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints.deviceuserbinding": {
|
|
"type": "object",
|
|
"properties": {
|
|
"policy": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Policy"
|
|
},
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"target": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Target"
|
|
},
|
|
"negate": {
|
|
"type": "boolean",
|
|
"title": "Negate",
|
|
"description": "Negates the outcome of the policy. Messages are unaffected."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"order": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Order"
|
|
},
|
|
"timeout": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Timeout",
|
|
"description": "Timeout after which Policy execution is terminated."
|
|
},
|
|
"failure_result": {
|
|
"type": "boolean",
|
|
"title": "Failure result",
|
|
"description": "Result if the Policy execution fails."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints.deviceuserbinding_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_deviceuserbinding",
|
|
"change_deviceuserbinding",
|
|
"delete_deviceuserbinding",
|
|
"view_deviceuserbinding"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints.endpointstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"connector": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Connector"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"optional",
|
|
"required"
|
|
],
|
|
"title": "Mode"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints.endpointstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_endpointstage",
|
|
"change_endpointstage",
|
|
"delete_endpointstage",
|
|
"view_endpointstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints_connectors_fleet.fleetconnector": {
|
|
"type": "object",
|
|
"properties": {
|
|
"connector_uuid": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Connector uuid"
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"url": {
|
|
"type": "string",
|
|
"format": "uri",
|
|
"maxLength": 200,
|
|
"minLength": 1,
|
|
"title": "Url"
|
|
},
|
|
"token": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Token"
|
|
},
|
|
"headers_mapping": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Headers mapping",
|
|
"description": "Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs"
|
|
},
|
|
"map_users": {
|
|
"type": "boolean",
|
|
"title": "Map users"
|
|
},
|
|
"map_teams_access_group": {
|
|
"type": "boolean",
|
|
"title": "Map teams access group"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints_connectors_fleet.fleetconnector_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_fleetconnector",
|
|
"change_fleetconnector",
|
|
"delete_fleetconnector",
|
|
"view_fleetconnector"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_endpoints_connectors_google_chrome.googlechromeconnector": {
|
|
"type": "object",
|
|
"properties": {
|
|
"connector_uuid": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Connector uuid"
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"credentials": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Credentials"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_endpoints_connectors_google_chrome.googlechromeconnector_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_googlechromeconnector",
|
|
"change_googlechromeconnector",
|
|
"delete_googlechromeconnector",
|
|
"view_googlechromeconnector"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_lifecycle.lifecycleiteration": {
|
|
"type": "object",
|
|
"properties": {
|
|
"content_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authentik_core.application",
|
|
"authentik_core.group",
|
|
"authentik_rbac.role"
|
|
],
|
|
"title": "Content type"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_lifecycle.lifecycleiteration_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_lifecycleiteration",
|
|
"change_lifecycleiteration",
|
|
"delete_lifecycleiteration",
|
|
"view_lifecycleiteration"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_lifecycle.lifecyclerule": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"content_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authentik_core.application",
|
|
"authentik_core.group",
|
|
"authentik_rbac.role"
|
|
],
|
|
"title": "Content type"
|
|
},
|
|
"object_id": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Object id"
|
|
},
|
|
"interval": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Interval"
|
|
},
|
|
"grace_period": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Grace period"
|
|
},
|
|
"reviewer_groups": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Reviewer groups"
|
|
},
|
|
"min_reviewers": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 32767,
|
|
"title": "Min reviewers"
|
|
},
|
|
"min_reviewers_is_per_group": {
|
|
"type": "boolean",
|
|
"title": "Min reviewers is per group"
|
|
},
|
|
"reviewers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"pattern": "^[-a-zA-Z0-9_]+$"
|
|
},
|
|
"title": "Reviewers"
|
|
},
|
|
"notification_transports": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Select which transports should be used to notify the reviewers. If none are selected, the notification will only be shown in the authentik UI."
|
|
},
|
|
"title": "Notification transports",
|
|
"description": "Select which transports should be used to notify the reviewers. If none are selected, the notification will only be shown in the authentik UI."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_lifecycle.lifecyclerule_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_lifecyclerule",
|
|
"change_lifecyclerule",
|
|
"delete_lifecyclerule",
|
|
"view_lifecyclerule"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_lifecycle.review": {
|
|
"type": "object",
|
|
"properties": {
|
|
"iteration": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Iteration"
|
|
},
|
|
"note": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Note"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_lifecycle.review_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_review",
|
|
"change_review",
|
|
"delete_review",
|
|
"view_review"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_enterprise.license": {
|
|
"type": "object",
|
|
"properties": {
|
|
"key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Key"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_enterprise.license_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_license",
|
|
"change_license",
|
|
"delete_license",
|
|
"view_license"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_unique_password.uniquepasswordpolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"password_field": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Password field",
|
|
"description": "Field key to check, field keys defined in Prompt stages are available."
|
|
},
|
|
"num_historical_passwords": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Num historical passwords",
|
|
"description": "Number of passwords to check against."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_unique_password.uniquepasswordpolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_uniquepasswordpolicy",
|
|
"change_uniquepasswordpolicy",
|
|
"delete_uniquepasswordpolicy",
|
|
"view_uniquepasswordpolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_google_workspace.googleworkspaceprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"property_mappings_group": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Property mappings used for group creation/updating."
|
|
},
|
|
"title": "Property mappings group",
|
|
"description": "Property mappings used for group creation/updating."
|
|
},
|
|
"delegated_subject": {
|
|
"type": "string",
|
|
"format": "email",
|
|
"maxLength": 254,
|
|
"minLength": 1,
|
|
"title": "Delegated subject"
|
|
},
|
|
"credentials": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Credentials"
|
|
},
|
|
"scopes": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Scopes"
|
|
},
|
|
"exclude_users_service_account": {
|
|
"type": "boolean",
|
|
"title": "Exclude users service account"
|
|
},
|
|
"filter_group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Filter group"
|
|
},
|
|
"user_delete_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"do_nothing",
|
|
"delete",
|
|
"suspend"
|
|
],
|
|
"title": "User delete action"
|
|
},
|
|
"group_delete_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"do_nothing",
|
|
"delete",
|
|
"suspend"
|
|
],
|
|
"title": "Group delete action"
|
|
},
|
|
"default_group_email_domain": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Default group email domain"
|
|
},
|
|
"sync_page_size": {
|
|
"type": "integer",
|
|
"minimum": 1,
|
|
"maximum": 2147483647,
|
|
"title": "Sync page size",
|
|
"description": "Controls the number of objects synced in a single task"
|
|
},
|
|
"sync_page_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Sync page timeout",
|
|
"description": "Timeout for synchronization of a single page"
|
|
},
|
|
"dry_run": {
|
|
"type": "boolean",
|
|
"title": "Dry run",
|
|
"description": "When enabled, provider will not modify or create objects in the remote system."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_google_workspace.googleworkspaceprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_googleworkspaceprovider",
|
|
"change_googleworkspaceprovider",
|
|
"delete_googleworkspaceprovider",
|
|
"view_googleworkspaceprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_google_workspace.googleworkspaceprovidermapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_google_workspace.googleworkspaceprovidermapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_googleworkspaceprovidermapping",
|
|
"change_googleworkspaceprovidermapping",
|
|
"delete_googleworkspaceprovidermapping",
|
|
"view_googleworkspaceprovidermapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_microsoft_entra.microsoftentraprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"property_mappings_group": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Property mappings used for group creation/updating."
|
|
},
|
|
"title": "Property mappings group",
|
|
"description": "Property mappings used for group creation/updating."
|
|
},
|
|
"client_id": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Client id"
|
|
},
|
|
"client_secret": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Client secret"
|
|
},
|
|
"tenant_id": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Tenant id"
|
|
},
|
|
"exclude_users_service_account": {
|
|
"type": "boolean",
|
|
"title": "Exclude users service account"
|
|
},
|
|
"filter_group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Filter group"
|
|
},
|
|
"user_delete_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"do_nothing",
|
|
"delete",
|
|
"suspend"
|
|
],
|
|
"title": "User delete action"
|
|
},
|
|
"group_delete_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"do_nothing",
|
|
"delete",
|
|
"suspend"
|
|
],
|
|
"title": "Group delete action"
|
|
},
|
|
"sync_page_size": {
|
|
"type": "integer",
|
|
"minimum": 1,
|
|
"maximum": 2147483647,
|
|
"title": "Sync page size",
|
|
"description": "Controls the number of objects synced in a single task"
|
|
},
|
|
"sync_page_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Sync page timeout",
|
|
"description": "Timeout for synchronization of a single page"
|
|
},
|
|
"dry_run": {
|
|
"type": "boolean",
|
|
"title": "Dry run",
|
|
"description": "When enabled, provider will not modify or create objects in the remote system."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_microsoft_entra.microsoftentraprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_microsoftentraprovider",
|
|
"change_microsoftentraprovider",
|
|
"delete_microsoftentraprovider",
|
|
"view_microsoftentraprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_microsoft_entra.microsoftentraprovidermapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_microsoft_entra.microsoftentraprovidermapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_microsoftentraprovidermapping",
|
|
"change_microsoftentraprovidermapping",
|
|
"delete_microsoftentraprovidermapping",
|
|
"view_microsoftentraprovidermapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_ssf.ssfprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"signing_key": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Signing Key",
|
|
"description": "Key used to sign the SSF Events."
|
|
},
|
|
"oidc_auth_providers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Oidc auth providers"
|
|
},
|
|
"event_retention": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Event retention"
|
|
},
|
|
"push_verify_certificates": {
|
|
"type": "boolean",
|
|
"title": "Push verify certificates"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_ssf.ssfprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_ssfprovider",
|
|
"add_stream",
|
|
"change_ssfprovider",
|
|
"delete_ssfprovider",
|
|
"view_ssfprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_ws_federation.wsfederationprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"invalidation_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Invalidation flow",
|
|
"description": "Flow used ending the session from a provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"reply_url": {
|
|
"type": "string",
|
|
"format": "uri",
|
|
"minLength": 1,
|
|
"title": "Reply url"
|
|
},
|
|
"wtrealm": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Wtrealm"
|
|
},
|
|
"assertion_valid_not_before": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Assertion valid not before",
|
|
"description": "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)."
|
|
},
|
|
"assertion_valid_not_on_or_after": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Assertion valid not on or after",
|
|
"description": "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"session_valid_not_on_or_after": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Session valid not on or after",
|
|
"description": "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"name_id_mapping": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "NameID Property Mapping",
|
|
"description": "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered"
|
|
},
|
|
"authn_context_class_ref_mapping": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "AuthnContextClassRef Property Mapping",
|
|
"description": "Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate."
|
|
},
|
|
"digest_algorithm": {
|
|
"type": "string",
|
|
"enum": [
|
|
"http://www.w3.org/2000/09/xmldsig#sha1",
|
|
"http://www.w3.org/2001/04/xmlenc#sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#sha384",
|
|
"http://www.w3.org/2001/04/xmlenc#sha512"
|
|
],
|
|
"title": "Digest algorithm"
|
|
},
|
|
"signature_algorithm": {
|
|
"type": "string",
|
|
"enum": [
|
|
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
|
|
"http://www.w3.org/2000/09/xmldsig#dsa-sha1"
|
|
],
|
|
"title": "Signature algorithm"
|
|
},
|
|
"signing_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Signing Keypair",
|
|
"description": "Keypair used to sign outgoing Responses going to the Service Provider."
|
|
},
|
|
"encryption_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Encryption Keypair",
|
|
"description": "When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key."
|
|
},
|
|
"sign_assertion": {
|
|
"type": "boolean",
|
|
"title": "Sign assertion"
|
|
},
|
|
"sign_logout_request": {
|
|
"type": "boolean",
|
|
"title": "Sign logout request"
|
|
},
|
|
"default_name_id_policy": {
|
|
"type": "string",
|
|
"enum": [
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
|
],
|
|
"title": "Default name id policy"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_ws_federation.wsfederationprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_wsfederationprovider",
|
|
"change_wsfederationprovider",
|
|
"delete_wsfederationprovider",
|
|
"view_wsfederationprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_reports.dataexport": {
|
|
"type": "object",
|
|
"properties": {
|
|
"query_params": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Query params"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_reports.dataexport_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_dataexport",
|
|
"change_dataexport",
|
|
"delete_dataexport",
|
|
"view_dataexport"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"credentials": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Credentials"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatorendpointgdtcstage",
|
|
"change_authenticatorendpointgdtcstage",
|
|
"delete_authenticatorendpointgdtcstage",
|
|
"view_authenticatorendpointgdtcstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_mtls.mutualtlsstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"optional",
|
|
"required"
|
|
],
|
|
"title": "Mode"
|
|
},
|
|
"certificate_authorities": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Configure certificate authorities to validate the certificate against. This option has a higher priority than the `client_certificate` option on `Brand`."
|
|
},
|
|
"title": "Certificate authorities",
|
|
"description": "Configure certificate authorities to validate the certificate against. This option has a higher priority than the `client_certificate` option on `Brand`."
|
|
},
|
|
"cert_attribute": {
|
|
"type": "string",
|
|
"enum": [
|
|
"subject",
|
|
"common_name",
|
|
"email"
|
|
],
|
|
"title": "Cert attribute"
|
|
},
|
|
"user_attribute": {
|
|
"type": "string",
|
|
"enum": [
|
|
"username",
|
|
"email"
|
|
],
|
|
"title": "User attribute"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_mtls.mutualtlsstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_mutualtlsstage",
|
|
"change_mutualtlsstage",
|
|
"delete_mutualtlsstage",
|
|
"pass_outpost_certificate",
|
|
"view_mutualtlsstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_source.sourcestage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"resume_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Resume timeout",
|
|
"description": "Amount of time a user can take to return from the source to continue the flow (Format: hours=-1;minutes=-2;seconds=-3)"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_source.sourcestage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_sourcestage",
|
|
"change_sourcestage",
|
|
"delete_sourcestage",
|
|
"view_sourcestage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_events.event": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "User"
|
|
},
|
|
"action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"login",
|
|
"login_failed",
|
|
"logout",
|
|
"user_write",
|
|
"suspicious_request",
|
|
"password_set",
|
|
"secret_view",
|
|
"secret_rotate",
|
|
"invitation_used",
|
|
"authorize_application",
|
|
"source_linked",
|
|
"impersonation_started",
|
|
"impersonation_ended",
|
|
"flow_execution",
|
|
"policy_execution",
|
|
"policy_exception",
|
|
"property_mapping_exception",
|
|
"system_task_execution",
|
|
"system_task_exception",
|
|
"system_exception",
|
|
"configuration_error",
|
|
"configuration_warning",
|
|
"model_created",
|
|
"model_updated",
|
|
"model_deleted",
|
|
"email_sent",
|
|
"update_available",
|
|
"export_ready",
|
|
"review_initiated",
|
|
"review_overdue",
|
|
"review_attested",
|
|
"review_completed",
|
|
"custom_"
|
|
],
|
|
"title": "Action"
|
|
},
|
|
"app": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "App"
|
|
},
|
|
"context": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Context"
|
|
},
|
|
"client_ip": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Client ip"
|
|
},
|
|
"expires": {
|
|
"type": "string",
|
|
"format": "date-time",
|
|
"title": "Expires"
|
|
},
|
|
"brand": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Brand"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_events.event_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_event",
|
|
"change_event",
|
|
"delete_event",
|
|
"view_event"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_events.notification": {
|
|
"type": "object",
|
|
"properties": {
|
|
"hyperlink": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"maxLength": 4096,
|
|
"title": "Hyperlink"
|
|
},
|
|
"hyperlink_label": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"title": "Hyperlink label"
|
|
},
|
|
"event": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "User"
|
|
},
|
|
"action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"login",
|
|
"login_failed",
|
|
"logout",
|
|
"user_write",
|
|
"suspicious_request",
|
|
"password_set",
|
|
"secret_view",
|
|
"secret_rotate",
|
|
"invitation_used",
|
|
"authorize_application",
|
|
"source_linked",
|
|
"impersonation_started",
|
|
"impersonation_ended",
|
|
"flow_execution",
|
|
"policy_execution",
|
|
"policy_exception",
|
|
"property_mapping_exception",
|
|
"system_task_execution",
|
|
"system_task_exception",
|
|
"system_exception",
|
|
"configuration_error",
|
|
"configuration_warning",
|
|
"model_created",
|
|
"model_updated",
|
|
"model_deleted",
|
|
"email_sent",
|
|
"update_available",
|
|
"export_ready",
|
|
"review_initiated",
|
|
"review_overdue",
|
|
"review_attested",
|
|
"review_completed",
|
|
"custom_"
|
|
],
|
|
"title": "Action"
|
|
},
|
|
"app": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "App"
|
|
},
|
|
"context": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Context"
|
|
},
|
|
"client_ip": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Client ip"
|
|
},
|
|
"expires": {
|
|
"type": "string",
|
|
"format": "date-time",
|
|
"title": "Expires"
|
|
},
|
|
"brand": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Brand"
|
|
}
|
|
},
|
|
"required": [
|
|
"action",
|
|
"app"
|
|
],
|
|
"title": "Event"
|
|
},
|
|
"seen": {
|
|
"type": "boolean",
|
|
"title": "Seen"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_events.notification_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_notification",
|
|
"change_notification",
|
|
"delete_notification",
|
|
"view_notification"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_events.notificationrule": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"transports": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI."
|
|
},
|
|
"title": "Transports",
|
|
"description": "Select which transports should be used to notify the user. If none are selected, the notification will only be shown in the authentik UI."
|
|
},
|
|
"severity": {
|
|
"type": "string",
|
|
"enum": [
|
|
"notice",
|
|
"warning",
|
|
"alert"
|
|
],
|
|
"title": "Severity",
|
|
"description": "Controls which severity level the created notifications will have."
|
|
},
|
|
"destination_group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Destination group",
|
|
"description": "Define which group of users this notification should be sent and shown to. If left empty, Notification won't ben sent."
|
|
},
|
|
"destination_event_user": {
|
|
"type": "boolean",
|
|
"title": "Destination event user",
|
|
"description": "When enabled, notification will be sent to user the user that triggered the event.When destination_group is configured, notification is sent to both."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_events.notificationrule_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_notificationrule",
|
|
"change_notificationrule",
|
|
"delete_notificationrule",
|
|
"view_notificationrule"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_events.notificationtransport": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"local",
|
|
"webhook",
|
|
"webhook_slack",
|
|
"email"
|
|
],
|
|
"title": "Mode"
|
|
},
|
|
"webhook_url": {
|
|
"type": "string",
|
|
"title": "Webhook url"
|
|
},
|
|
"webhook_ca": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Webhook ca",
|
|
"description": "When set, the selected ceritifcate is used to validate the certificate of the webhook server."
|
|
},
|
|
"webhook_mapping_body": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Webhook mapping body",
|
|
"description": "Customize the body of the request. Mapping should return data that is JSON-serializable."
|
|
},
|
|
"webhook_mapping_headers": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Webhook mapping headers",
|
|
"description": "Configure additional headers to be sent. Mapping should return a dictionary of key-value pairs"
|
|
},
|
|
"email_subject_prefix": {
|
|
"type": "string",
|
|
"title": "Email subject prefix"
|
|
},
|
|
"email_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Email template"
|
|
},
|
|
"send_once": {
|
|
"type": "boolean",
|
|
"title": "Send once",
|
|
"description": "Only send notification once, for example when sending a webhook into a chat channel."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_events.notificationtransport_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_notificationtransport",
|
|
"change_notificationtransport",
|
|
"delete_notificationtransport",
|
|
"view_notificationtransport"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_events.notificationwebhookmapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_events.notificationwebhookmapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_notificationwebhookmapping",
|
|
"change_notificationwebhookmapping",
|
|
"delete_notificationwebhookmapping",
|
|
"view_notificationwebhookmapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_flows.flow": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Visible in the URL."
|
|
},
|
|
"title": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Title",
|
|
"description": "Shown as the Title in Flow pages."
|
|
},
|
|
"designation": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authentication",
|
|
"authorization",
|
|
"invalidation",
|
|
"enrollment",
|
|
"unenrollment",
|
|
"recovery",
|
|
"stage_configuration"
|
|
],
|
|
"title": "Designation",
|
|
"description": "Decides what this Flow is used for. For example, the Authentication flow is redirect to when an un-authenticated user visits authentik."
|
|
},
|
|
"background": {
|
|
"type": "string",
|
|
"title": "Background",
|
|
"description": "Background shown during execution"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"compatibility_mode": {
|
|
"type": "boolean",
|
|
"title": "Compatibility mode",
|
|
"description": "Enable compatibility mode, increases compatibility with password managers on mobile devices."
|
|
},
|
|
"layout": {
|
|
"type": "string",
|
|
"enum": [
|
|
"stacked",
|
|
"content_left",
|
|
"content_right",
|
|
"sidebar_left",
|
|
"sidebar_right",
|
|
"sidebar_left_frame_background",
|
|
"sidebar_right_frame_background"
|
|
],
|
|
"title": "Layout"
|
|
},
|
|
"denied_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"message_continue",
|
|
"message",
|
|
"continue"
|
|
],
|
|
"title": "Denied action",
|
|
"description": "Configure what should happen when a flow denies access to a user."
|
|
},
|
|
"authentication": {
|
|
"type": "string",
|
|
"enum": [
|
|
"none",
|
|
"require_authenticated",
|
|
"require_unauthenticated",
|
|
"require_superuser",
|
|
"require_redirect",
|
|
"require_outpost",
|
|
"require_token"
|
|
],
|
|
"title": "Authentication",
|
|
"description": "Required level of authentication and authorization to access a flow."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_flows.flow_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_flow",
|
|
"change_flow",
|
|
"clear_flow_cache",
|
|
"delete_flow",
|
|
"export_flow",
|
|
"inspect_flow",
|
|
"view_flow",
|
|
"view_flow_cache"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_flows.flowstagebinding": {
|
|
"type": "object",
|
|
"properties": {
|
|
"target": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Target"
|
|
},
|
|
"stage": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Stage"
|
|
},
|
|
"evaluate_on_plan": {
|
|
"type": "boolean",
|
|
"title": "Evaluate on plan",
|
|
"description": "Evaluate policies during the Flow planning process."
|
|
},
|
|
"re_evaluate_policies": {
|
|
"type": "boolean",
|
|
"title": "Re evaluate policies",
|
|
"description": "Evaluate policies when the Stage is presented to the user."
|
|
},
|
|
"order": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Order"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"invalid_response_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"retry",
|
|
"restart",
|
|
"restart_with_context"
|
|
],
|
|
"title": "Invalid response action",
|
|
"description": "Configure how the flow executor should handle an invalid response to a challenge. RETRY returns the error message and a similar challenge to the executor. RESTART restarts the flow from the beginning, and RESTART_WITH_CONTEXT restarts the flow while keeping the current context."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_flows.flowstagebinding_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_flowstagebinding",
|
|
"change_flowstagebinding",
|
|
"delete_flowstagebinding",
|
|
"view_flowstagebinding"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_outposts.dockerserviceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"local": {
|
|
"type": "boolean",
|
|
"title": "Local",
|
|
"description": "If enabled, use the local connection. Required Docker socket/Kubernetes Integration"
|
|
},
|
|
"url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Url",
|
|
"description": "Can be in the format of 'unix://<path>' when connecting to a local docker daemon, or 'https://<hostname>:2376' when connecting to a remote system."
|
|
},
|
|
"tls_verification": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Tls verification",
|
|
"description": "CA which the endpoint's Certificate is verified against. Can be left empty for no validation."
|
|
},
|
|
"tls_authentication": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Tls authentication",
|
|
"description": "Certificate/Key used for authentication. Can be left empty for no authentication."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_outposts.dockerserviceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_dockerserviceconnection",
|
|
"change_dockerserviceconnection",
|
|
"delete_dockerserviceconnection",
|
|
"view_dockerserviceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_outposts.kubernetesserviceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"local": {
|
|
"type": "boolean",
|
|
"title": "Local",
|
|
"description": "If enabled, use the local connection. Required Docker socket/Kubernetes Integration"
|
|
},
|
|
"kubeconfig": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Kubeconfig",
|
|
"description": "Paste your kubeconfig here. authentik will automatically use the currently selected context."
|
|
},
|
|
"verify_ssl": {
|
|
"type": "boolean",
|
|
"title": "Verify ssl",
|
|
"description": "Verify SSL Certificates of the Kubernetes API endpoint"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_outposts.kubernetesserviceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_kubernetesserviceconnection",
|
|
"change_kubernetesserviceconnection",
|
|
"delete_kubernetesserviceconnection",
|
|
"view_kubernetesserviceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_outposts.outpost": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"proxy",
|
|
"ldap",
|
|
"radius",
|
|
"rac"
|
|
],
|
|
"title": "Type"
|
|
},
|
|
"providers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Providers"
|
|
},
|
|
"service_connection": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Service connection",
|
|
"description": "Select Service-Connection authentik should use to manage this outpost. Leave empty if authentik should not handle the deployment."
|
|
},
|
|
"config": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Config"
|
|
},
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_outposts.outpost_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_outpost",
|
|
"change_outpost",
|
|
"delete_outpost",
|
|
"view_outpost"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_dummy.dummypolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"result": {
|
|
"type": "boolean",
|
|
"title": "Result"
|
|
},
|
|
"wait_min": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Wait min"
|
|
},
|
|
"wait_max": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Wait max"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_dummy.dummypolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_dummypolicy",
|
|
"change_dummypolicy",
|
|
"delete_dummypolicy",
|
|
"view_dummypolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_event_matcher.eventmatcherpolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"action": {
|
|
"type": [
|
|
"null",
|
|
"string"
|
|
],
|
|
"enum": [
|
|
null,
|
|
"login",
|
|
"login_failed",
|
|
"logout",
|
|
"user_write",
|
|
"suspicious_request",
|
|
"password_set",
|
|
"secret_view",
|
|
"secret_rotate",
|
|
"invitation_used",
|
|
"authorize_application",
|
|
"source_linked",
|
|
"impersonation_started",
|
|
"impersonation_ended",
|
|
"flow_execution",
|
|
"policy_execution",
|
|
"policy_exception",
|
|
"property_mapping_exception",
|
|
"system_task_execution",
|
|
"system_task_exception",
|
|
"system_exception",
|
|
"configuration_error",
|
|
"configuration_warning",
|
|
"model_created",
|
|
"model_updated",
|
|
"model_deleted",
|
|
"email_sent",
|
|
"update_available",
|
|
"export_ready",
|
|
"review_initiated",
|
|
"review_overdue",
|
|
"review_attested",
|
|
"review_completed",
|
|
"custom_"
|
|
],
|
|
"title": "Action",
|
|
"description": "Match created events with this action type. When left empty, all action types will be matched."
|
|
},
|
|
"client_ip": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Client ip",
|
|
"description": "Matches Event's Client IP (strict matching, for network matching use an Expression Policy)"
|
|
},
|
|
"app": {
|
|
"type": [
|
|
"null",
|
|
"string"
|
|
],
|
|
"enum": [
|
|
null,
|
|
"authentik.commands",
|
|
"authentik.tenants",
|
|
"authentik.tasks",
|
|
"authentik.admin",
|
|
"authentik.api",
|
|
"authentik.core",
|
|
"authentik.crypto",
|
|
"authentik.endpoints",
|
|
"authentik.endpoints.connectors.agent",
|
|
"authentik.enterprise",
|
|
"authentik.events",
|
|
"authentik.admin.files",
|
|
"authentik.flows",
|
|
"authentik.outposts",
|
|
"authentik.policies.dummy",
|
|
"authentik.policies.event_matcher",
|
|
"authentik.policies.expiry",
|
|
"authentik.policies.expression",
|
|
"authentik.policies.geoip",
|
|
"authentik.policies.password",
|
|
"authentik.policies.reputation",
|
|
"authentik.policies",
|
|
"authentik.providers.ldap",
|
|
"authentik.providers.oauth2",
|
|
"authentik.providers.proxy",
|
|
"authentik.providers.rac",
|
|
"authentik.providers.radius",
|
|
"authentik.providers.saml",
|
|
"authentik.providers.scim",
|
|
"authentik.rbac",
|
|
"authentik.recovery",
|
|
"authentik.sources.kerberos",
|
|
"authentik.sources.ldap",
|
|
"authentik.sources.oauth",
|
|
"authentik.sources.plex",
|
|
"authentik.sources.saml",
|
|
"authentik.sources.scim",
|
|
"authentik.sources.telegram",
|
|
"authentik.stages.authenticator",
|
|
"authentik.stages.authenticator_duo",
|
|
"authentik.stages.authenticator_email",
|
|
"authentik.stages.authenticator_sms",
|
|
"authentik.stages.authenticator_static",
|
|
"authentik.stages.authenticator_totp",
|
|
"authentik.stages.authenticator_validate",
|
|
"authentik.stages.authenticator_webauthn",
|
|
"authentik.stages.captcha",
|
|
"authentik.stages.consent",
|
|
"authentik.stages.deny",
|
|
"authentik.stages.dummy",
|
|
"authentik.stages.email",
|
|
"authentik.stages.identification",
|
|
"authentik.stages.invitation",
|
|
"authentik.stages.password",
|
|
"authentik.stages.prompt",
|
|
"authentik.stages.redirect",
|
|
"authentik.stages.user_delete",
|
|
"authentik.stages.user_login",
|
|
"authentik.stages.user_logout",
|
|
"authentik.stages.user_write",
|
|
"authentik.tasks.schedules",
|
|
"authentik.brands",
|
|
"authentik.blueprints",
|
|
"authentik.enterprise.audit",
|
|
"authentik.enterprise.endpoints.connectors.agent",
|
|
"authentik.enterprise.endpoints.connectors.fleet",
|
|
"authentik.enterprise.endpoints.connectors.google_chrome",
|
|
"authentik.enterprise.lifecycle",
|
|
"authentik.enterprise.policies.unique_password",
|
|
"authentik.enterprise.providers.google_workspace",
|
|
"authentik.enterprise.providers.microsoft_entra",
|
|
"authentik.enterprise.providers.radius",
|
|
"authentik.enterprise.providers.scim",
|
|
"authentik.enterprise.providers.ssf",
|
|
"authentik.enterprise.providers.ws_federation",
|
|
"authentik.enterprise.reports",
|
|
"authentik.enterprise.stages.authenticator_endpoint_gdtc",
|
|
"authentik.enterprise.stages.mtls",
|
|
"authentik.enterprise.stages.source"
|
|
],
|
|
"title": "App",
|
|
"description": "Match events created by selected application. When left empty, all applications are matched."
|
|
},
|
|
"model": {
|
|
"type": [
|
|
"null",
|
|
"string"
|
|
],
|
|
"enum": [
|
|
null,
|
|
"authentik_tenants.domain",
|
|
"authentik_core.group",
|
|
"authentik_core.user",
|
|
"authentik_core.application",
|
|
"authentik_core.applicationentitlement",
|
|
"authentik_core.token",
|
|
"authentik_crypto.certificatekeypair",
|
|
"authentik_endpoints.deviceuserbinding",
|
|
"authentik_endpoints.deviceaccessgroup",
|
|
"authentik_endpoints.endpointstage",
|
|
"authentik_endpoints_connectors_agent.agentconnector",
|
|
"authentik_endpoints_connectors_agent.agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.enrollmenttoken",
|
|
"authentik_enterprise.license",
|
|
"authentik_events.event",
|
|
"authentik_events.notificationtransport",
|
|
"authentik_events.notification",
|
|
"authentik_events.notificationrule",
|
|
"authentik_events.notificationwebhookmapping",
|
|
"authentik_flows.flow",
|
|
"authentik_flows.flowstagebinding",
|
|
"authentik_outposts.dockerserviceconnection",
|
|
"authentik_outposts.kubernetesserviceconnection",
|
|
"authentik_outposts.outpost",
|
|
"authentik_policies_dummy.dummypolicy",
|
|
"authentik_policies_event_matcher.eventmatcherpolicy",
|
|
"authentik_policies_expiry.passwordexpirypolicy",
|
|
"authentik_policies_expression.expressionpolicy",
|
|
"authentik_policies_geoip.geoippolicy",
|
|
"authentik_policies_password.passwordpolicy",
|
|
"authentik_policies_reputation.reputationpolicy",
|
|
"authentik_policies.policybinding",
|
|
"authentik_providers_ldap.ldapprovider",
|
|
"authentik_providers_oauth2.scopemapping",
|
|
"authentik_providers_oauth2.oauth2provider",
|
|
"authentik_providers_proxy.proxyprovider",
|
|
"authentik_providers_rac.racprovider",
|
|
"authentik_providers_rac.endpoint",
|
|
"authentik_providers_rac.racpropertymapping",
|
|
"authentik_providers_radius.radiusprovider",
|
|
"authentik_providers_radius.radiusproviderpropertymapping",
|
|
"authentik_providers_saml.samlprovider",
|
|
"authentik_providers_saml.samlpropertymapping",
|
|
"authentik_providers_scim.scimprovider",
|
|
"authentik_providers_scim.scimmapping",
|
|
"authentik_rbac.role",
|
|
"authentik_rbac.initialpermissions",
|
|
"authentik_sources_kerberos.kerberossource",
|
|
"authentik_sources_kerberos.kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.userkerberossourceconnection",
|
|
"authentik_sources_kerberos.groupkerberossourceconnection",
|
|
"authentik_sources_ldap.ldapsource",
|
|
"authentik_sources_ldap.ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.userldapsourceconnection",
|
|
"authentik_sources_ldap.groupldapsourceconnection",
|
|
"authentik_sources_oauth.oauthsource",
|
|
"authentik_sources_oauth.oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.useroauthsourceconnection",
|
|
"authentik_sources_oauth.groupoauthsourceconnection",
|
|
"authentik_sources_plex.plexsource",
|
|
"authentik_sources_plex.plexsourcepropertymapping",
|
|
"authentik_sources_plex.userplexsourceconnection",
|
|
"authentik_sources_plex.groupplexsourceconnection",
|
|
"authentik_sources_saml.samlsource",
|
|
"authentik_sources_saml.samlsourcepropertymapping",
|
|
"authentik_sources_saml.usersamlsourceconnection",
|
|
"authentik_sources_saml.groupsamlsourceconnection",
|
|
"authentik_sources_scim.scimsource",
|
|
"authentik_sources_scim.scimsourcepropertymapping",
|
|
"authentik_sources_telegram.telegramsource",
|
|
"authentik_sources_telegram.telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.usertelegramsourceconnection",
|
|
"authentik_sources_telegram.grouptelegramsourceconnection",
|
|
"authentik_stages_authenticator_duo.authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.duodevice",
|
|
"authentik_stages_authenticator_email.authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.emaildevice",
|
|
"authentik_stages_authenticator_sms.authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.smsdevice",
|
|
"authentik_stages_authenticator_static.authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.staticdevice",
|
|
"authentik_stages_authenticator_totp.authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.totpdevice",
|
|
"authentik_stages_authenticator_validate.authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_webauthn.authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.webauthndevice",
|
|
"authentik_stages_captcha.captchastage",
|
|
"authentik_stages_consent.consentstage",
|
|
"authentik_stages_deny.denystage",
|
|
"authentik_stages_dummy.dummystage",
|
|
"authentik_stages_email.emailstage",
|
|
"authentik_stages_identification.identificationstage",
|
|
"authentik_stages_invitation.invitationstage",
|
|
"authentik_stages_invitation.invitation",
|
|
"authentik_stages_password.passwordstage",
|
|
"authentik_stages_prompt.prompt",
|
|
"authentik_stages_prompt.promptstage",
|
|
"authentik_stages_redirect.redirectstage",
|
|
"authentik_stages_user_delete.userdeletestage",
|
|
"authentik_stages_user_login.userloginstage",
|
|
"authentik_stages_user_logout.userlogoutstage",
|
|
"authentik_stages_user_write.userwritestage",
|
|
"authentik_tasks_schedules.schedule",
|
|
"authentik_brands.brand",
|
|
"authentik_blueprints.blueprintinstance",
|
|
"authentik_endpoints_connectors_fleet.fleetconnector",
|
|
"authentik_endpoints_connectors_google_chrome.googlechromeconnector",
|
|
"authentik_lifecycle.lifecyclerule",
|
|
"authentik_lifecycle.lifecycleiteration",
|
|
"authentik_lifecycle.review",
|
|
"authentik_policies_unique_password.uniquepasswordpolicy",
|
|
"authentik_providers_google_workspace.googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.googleworkspaceprovidermapping",
|
|
"authentik_providers_microsoft_entra.microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.microsoftentraprovidermapping",
|
|
"authentik_providers_ssf.ssfprovider",
|
|
"authentik_providers_ws_federation.wsfederationprovider",
|
|
"authentik_reports.dataexport",
|
|
"authentik_stages_authenticator_endpoint_gdtc.authenticatorendpointgdtcstage",
|
|
"authentik_stages_mtls.mutualtlsstage",
|
|
"authentik_stages_source.sourcestage"
|
|
],
|
|
"title": "Model",
|
|
"description": "Match events created by selected model. When left empty, all models are matched. When an app is selected, all the application's models are matched."
|
|
},
|
|
"query": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Query"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_event_matcher.eventmatcherpolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_eventmatcherpolicy",
|
|
"change_eventmatcherpolicy",
|
|
"delete_eventmatcherpolicy",
|
|
"view_eventmatcherpolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_expiry.passwordexpirypolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"days": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Days"
|
|
},
|
|
"deny_only": {
|
|
"type": "boolean",
|
|
"title": "Deny only"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_expiry.passwordexpirypolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_passwordexpirypolicy",
|
|
"change_passwordexpirypolicy",
|
|
"delete_passwordexpirypolicy",
|
|
"view_passwordexpirypolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_expression.expressionpolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_expression.expressionpolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_expressionpolicy",
|
|
"change_expressionpolicy",
|
|
"delete_expressionpolicy",
|
|
"view_expressionpolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_geoip.geoippolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"asns": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Asns"
|
|
},
|
|
"title": "Asns"
|
|
},
|
|
"countries": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"",
|
|
"AF",
|
|
"AX",
|
|
"AL",
|
|
"DZ",
|
|
"AS",
|
|
"AD",
|
|
"AO",
|
|
"AI",
|
|
"AQ",
|
|
"AG",
|
|
"AR",
|
|
"AM",
|
|
"AW",
|
|
"AU",
|
|
"AT",
|
|
"AZ",
|
|
"BS",
|
|
"BH",
|
|
"BD",
|
|
"BB",
|
|
"BY",
|
|
"BE",
|
|
"BZ",
|
|
"BJ",
|
|
"BM",
|
|
"BT",
|
|
"BO",
|
|
"BQ",
|
|
"BA",
|
|
"BW",
|
|
"BV",
|
|
"BR",
|
|
"IO",
|
|
"BN",
|
|
"BG",
|
|
"BF",
|
|
"BI",
|
|
"CV",
|
|
"KH",
|
|
"CM",
|
|
"CA",
|
|
"KY",
|
|
"CF",
|
|
"TD",
|
|
"CL",
|
|
"CN",
|
|
"CX",
|
|
"CC",
|
|
"CO",
|
|
"KM",
|
|
"CG",
|
|
"CK",
|
|
"CR",
|
|
"CI",
|
|
"HR",
|
|
"CU",
|
|
"CW",
|
|
"CY",
|
|
"CZ",
|
|
"CD",
|
|
"DK",
|
|
"DJ",
|
|
"DM",
|
|
"DO",
|
|
"EC",
|
|
"EG",
|
|
"SV",
|
|
"GQ",
|
|
"ER",
|
|
"EE",
|
|
"SZ",
|
|
"ET",
|
|
"FK",
|
|
"FO",
|
|
"FJ",
|
|
"FI",
|
|
"FR",
|
|
"GF",
|
|
"PF",
|
|
"TF",
|
|
"GA",
|
|
"GM",
|
|
"GE",
|
|
"DE",
|
|
"GH",
|
|
"GI",
|
|
"GR",
|
|
"GL",
|
|
"GD",
|
|
"GP",
|
|
"GU",
|
|
"GT",
|
|
"GG",
|
|
"GN",
|
|
"GW",
|
|
"GY",
|
|
"HT",
|
|
"HM",
|
|
"HN",
|
|
"HK",
|
|
"HU",
|
|
"IS",
|
|
"IN",
|
|
"ID",
|
|
"IR",
|
|
"IQ",
|
|
"IE",
|
|
"IM",
|
|
"IL",
|
|
"IT",
|
|
"JM",
|
|
"JP",
|
|
"JE",
|
|
"JO",
|
|
"KZ",
|
|
"KE",
|
|
"KI",
|
|
"KW",
|
|
"KG",
|
|
"LA",
|
|
"LV",
|
|
"LB",
|
|
"LS",
|
|
"LR",
|
|
"LY",
|
|
"LI",
|
|
"LT",
|
|
"LU",
|
|
"MO",
|
|
"MG",
|
|
"MW",
|
|
"MY",
|
|
"MV",
|
|
"ML",
|
|
"MT",
|
|
"MH",
|
|
"MQ",
|
|
"MR",
|
|
"MU",
|
|
"YT",
|
|
"MX",
|
|
"FM",
|
|
"MD",
|
|
"MC",
|
|
"MN",
|
|
"ME",
|
|
"MS",
|
|
"MA",
|
|
"MZ",
|
|
"MM",
|
|
"NA",
|
|
"NR",
|
|
"NP",
|
|
"NL",
|
|
"NC",
|
|
"NZ",
|
|
"NI",
|
|
"NE",
|
|
"NG",
|
|
"NU",
|
|
"NF",
|
|
"KP",
|
|
"MK",
|
|
"MP",
|
|
"NO",
|
|
"OM",
|
|
"PK",
|
|
"PW",
|
|
"PS",
|
|
"PA",
|
|
"PG",
|
|
"PY",
|
|
"PE",
|
|
"PH",
|
|
"PN",
|
|
"PL",
|
|
"PT",
|
|
"PR",
|
|
"QA",
|
|
"RE",
|
|
"RO",
|
|
"RU",
|
|
"RW",
|
|
"BL",
|
|
"SH",
|
|
"KN",
|
|
"LC",
|
|
"MF",
|
|
"PM",
|
|
"VC",
|
|
"WS",
|
|
"SM",
|
|
"ST",
|
|
"SA",
|
|
"SN",
|
|
"RS",
|
|
"SC",
|
|
"SL",
|
|
"SG",
|
|
"SX",
|
|
"SK",
|
|
"SI",
|
|
"SB",
|
|
"SO",
|
|
"ZA",
|
|
"GS",
|
|
"KR",
|
|
"SS",
|
|
"ES",
|
|
"LK",
|
|
"SD",
|
|
"SR",
|
|
"SJ",
|
|
"SE",
|
|
"CH",
|
|
"SY",
|
|
"TW",
|
|
"TJ",
|
|
"TZ",
|
|
"TH",
|
|
"TL",
|
|
"TG",
|
|
"TK",
|
|
"TO",
|
|
"TT",
|
|
"TN",
|
|
"TR",
|
|
"TM",
|
|
"TC",
|
|
"TV",
|
|
"UG",
|
|
"UA",
|
|
"AE",
|
|
"GB",
|
|
"UM",
|
|
"US",
|
|
"UY",
|
|
"UZ",
|
|
"VU",
|
|
"VA",
|
|
"VE",
|
|
"VN",
|
|
"VG",
|
|
"VI",
|
|
"WF",
|
|
"EH",
|
|
"YE",
|
|
"ZM",
|
|
"ZW"
|
|
]
|
|
},
|
|
"maxItems": 249,
|
|
"title": "Countries"
|
|
},
|
|
"check_history_distance": {
|
|
"type": "boolean",
|
|
"title": "Check history distance"
|
|
},
|
|
"history_max_distance_km": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 9223372036854775807,
|
|
"title": "History max distance km"
|
|
},
|
|
"distance_tolerance_km": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Distance tolerance km"
|
|
},
|
|
"history_login_count": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "History login count"
|
|
},
|
|
"check_impossible_travel": {
|
|
"type": "boolean",
|
|
"title": "Check impossible travel"
|
|
},
|
|
"impossible_tolerance_km": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Impossible tolerance km"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_geoip.geoippolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_geoippolicy",
|
|
"change_geoippolicy",
|
|
"delete_geoippolicy",
|
|
"view_geoippolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies.policybinding": {
|
|
"type": "object",
|
|
"properties": {
|
|
"policy": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Policy"
|
|
},
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"target": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Target"
|
|
},
|
|
"negate": {
|
|
"type": "boolean",
|
|
"title": "Negate",
|
|
"description": "Negates the outcome of the policy. Messages are unaffected."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"order": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Order"
|
|
},
|
|
"timeout": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Timeout",
|
|
"description": "Timeout after which Policy execution is terminated."
|
|
},
|
|
"failure_result": {
|
|
"type": "boolean",
|
|
"title": "Failure result",
|
|
"description": "Result if the Policy execution fails."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies.policybinding_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_policybinding",
|
|
"change_policybinding",
|
|
"delete_policybinding",
|
|
"view_policybinding"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_password.passwordpolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"password_field": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Password field",
|
|
"description": "Field key to check, field keys defined in Prompt stages are available."
|
|
},
|
|
"amount_digits": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Amount digits"
|
|
},
|
|
"amount_uppercase": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Amount uppercase"
|
|
},
|
|
"amount_lowercase": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Amount lowercase"
|
|
},
|
|
"amount_symbols": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Amount symbols"
|
|
},
|
|
"length_min": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Length min"
|
|
},
|
|
"symbol_charset": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Symbol charset"
|
|
},
|
|
"error_message": {
|
|
"type": "string",
|
|
"title": "Error message"
|
|
},
|
|
"check_static_rules": {
|
|
"type": "boolean",
|
|
"title": "Check static rules"
|
|
},
|
|
"check_have_i_been_pwned": {
|
|
"type": "boolean",
|
|
"title": "Check have i been pwned"
|
|
},
|
|
"check_zxcvbn": {
|
|
"type": "boolean",
|
|
"title": "Check zxcvbn"
|
|
},
|
|
"hibp_allowed_count": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Hibp allowed count",
|
|
"description": "How many times the password hash is allowed to be on haveibeenpwned"
|
|
},
|
|
"zxcvbn_score_threshold": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Zxcvbn score threshold",
|
|
"description": "If the zxcvbn score is equal or less than this value, the policy will fail."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_password.passwordpolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_passwordpolicy",
|
|
"change_passwordpolicy",
|
|
"delete_passwordpolicy",
|
|
"view_passwordpolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_policies_reputation.reputationpolicy": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"execution_logging": {
|
|
"type": "boolean",
|
|
"title": "Execution logging",
|
|
"description": "When this option is enabled, all executions of this policy will be logged. By default, only execution errors are logged."
|
|
},
|
|
"check_ip": {
|
|
"type": "boolean",
|
|
"title": "Check ip"
|
|
},
|
|
"check_username": {
|
|
"type": "boolean",
|
|
"title": "Check username"
|
|
},
|
|
"threshold": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Threshold"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_policies_reputation.reputationpolicy_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_reputationpolicy",
|
|
"change_reputationpolicy",
|
|
"delete_reputationpolicy",
|
|
"view_reputationpolicy"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_ldap.ldapprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"invalidation_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Invalidation flow",
|
|
"description": "Flow used ending the session from a provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"base_dn": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Base dn",
|
|
"description": "DN under which objects are accessible."
|
|
},
|
|
"certificate": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Certificate"
|
|
},
|
|
"tls_server_name": {
|
|
"type": "string",
|
|
"title": "Tls server name"
|
|
},
|
|
"uid_start_number": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Uid start number",
|
|
"description": "The start for uidNumbers, this number is added to the user.pk to make sure that the numbers aren't too low for POSIX users. Default is 2000 to ensure that we don't collide with local users uidNumber"
|
|
},
|
|
"gid_start_number": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Gid start number",
|
|
"description": "The start for gidNumbers, this number is added to a number generated from the group.pk to make sure that the numbers aren't too low for POSIX groups. Default is 4000 to ensure that we don't collide with local groups or users primary groups gidNumber"
|
|
},
|
|
"search_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"direct",
|
|
"cached"
|
|
],
|
|
"title": "Search mode"
|
|
},
|
|
"bind_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"direct",
|
|
"cached"
|
|
],
|
|
"title": "Bind mode"
|
|
},
|
|
"mfa_support": {
|
|
"type": "boolean",
|
|
"title": "MFA Support",
|
|
"description": "When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_ldap.ldapprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_ldapprovider",
|
|
"change_ldapprovider",
|
|
"delete_ldapprovider",
|
|
"search_full_directory",
|
|
"view_ldapprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_oauth2.oauth2provider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"invalidation_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Invalidation flow",
|
|
"description": "Flow used ending the session from a provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"client_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"confidential",
|
|
"public"
|
|
],
|
|
"title": "Client Type",
|
|
"description": "Confidential clients are capable of maintaining the confidentiality of their credentials. Public clients are incapable"
|
|
},
|
|
"client_id": {
|
|
"type": "string",
|
|
"maxLength": 255,
|
|
"minLength": 1,
|
|
"title": "Client ID"
|
|
},
|
|
"client_secret": {
|
|
"type": "string",
|
|
"maxLength": 255,
|
|
"title": "Client Secret"
|
|
},
|
|
"access_code_validity": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Access code validity",
|
|
"description": "Access codes not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"access_token_validity": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Access token validity",
|
|
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"refresh_token_validity": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Refresh token validity",
|
|
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"refresh_token_threshold": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Refresh token threshold",
|
|
"description": "When refreshing a token, if the refresh token is valid for less than this duration, it will be renewed. When set to seconds=0, token will always be renewed. (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"include_claims_in_id_token": {
|
|
"type": "boolean",
|
|
"title": "Include claims in id_token",
|
|
"description": "Include User claims from scopes in the id_token, for applications that don't access the userinfo endpoint."
|
|
},
|
|
"signing_key": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Signing Key",
|
|
"description": "Key used to sign the tokens."
|
|
},
|
|
"encryption_key": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Encryption Key",
|
|
"description": "Key used to encrypt the tokens. When set, tokens will be encrypted and returned as JWEs."
|
|
},
|
|
"redirect_uris": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"properties": {
|
|
"matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"strict",
|
|
"regex"
|
|
],
|
|
"title": "Matching mode"
|
|
},
|
|
"url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Url"
|
|
},
|
|
"redirect_uri_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authorization",
|
|
"logout"
|
|
],
|
|
"title": "Redirect uri type"
|
|
}
|
|
},
|
|
"required": [
|
|
"matching_mode",
|
|
"url"
|
|
]
|
|
},
|
|
"title": "Redirect uris"
|
|
},
|
|
"logout_uri": {
|
|
"type": "string",
|
|
"title": "Logout URI"
|
|
},
|
|
"logout_method": {
|
|
"type": "string",
|
|
"enum": [
|
|
"backchannel",
|
|
"frontchannel"
|
|
],
|
|
"title": "Logout Method",
|
|
"description": "Backchannel logs out with server to server calls. Frontchannel uses iframes in your browser"
|
|
},
|
|
"sub_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"hashed_user_id",
|
|
"user_id",
|
|
"user_uuid",
|
|
"user_username",
|
|
"user_email",
|
|
"user_upn"
|
|
],
|
|
"title": "Sub mode",
|
|
"description": "Configure what data should be used as unique User Identifier. For most cases, the default should be fine."
|
|
},
|
|
"issuer_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"global",
|
|
"per_provider"
|
|
],
|
|
"title": "Issuer mode",
|
|
"description": "Configure how the issuer field of the ID Token should be filled."
|
|
},
|
|
"jwt_federation_sources": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer",
|
|
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
|
|
},
|
|
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
|
|
},
|
|
"jwt_federation_providers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Jwt federation providers"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_oauth2.oauth2provider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_oauth2provider",
|
|
"change_oauth2provider",
|
|
"delete_oauth2provider",
|
|
"view_oauth2provider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_oauth2.scopemapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
},
|
|
"scope_name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Scope name",
|
|
"description": "Scope name requested by the client"
|
|
},
|
|
"description": {
|
|
"type": "string",
|
|
"title": "Description",
|
|
"description": "Description shown to the user when consenting. If left empty, the user won't be informed."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_oauth2.scopemapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_scopemapping",
|
|
"change_scopemapping",
|
|
"delete_scopemapping",
|
|
"view_scopemapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_proxy.proxyprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"invalidation_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Invalidation flow",
|
|
"description": "Flow used ending the session from a provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"internal_host": {
|
|
"type": "string",
|
|
"title": "Internal host"
|
|
},
|
|
"external_host": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "External host"
|
|
},
|
|
"internal_host_ssl_validation": {
|
|
"type": "boolean",
|
|
"title": "Internal host SSL Validation",
|
|
"description": "Validate SSL Certificates of upstream servers"
|
|
},
|
|
"certificate": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Certificate"
|
|
},
|
|
"skip_path_regex": {
|
|
"type": "string",
|
|
"title": "Skip path regex",
|
|
"description": "Regular expressions for which authentication is not required. Each new line is interpreted as a new Regular Expression."
|
|
},
|
|
"basic_auth_enabled": {
|
|
"type": "boolean",
|
|
"title": "Set HTTP-Basic Authentication",
|
|
"description": "Set a custom HTTP-Basic Authentication header based on values from authentik."
|
|
},
|
|
"basic_auth_password_attribute": {
|
|
"type": "string",
|
|
"title": "HTTP-Basic Password Key",
|
|
"description": "User/Group Attribute used for the password part of the HTTP-Basic Header."
|
|
},
|
|
"basic_auth_user_attribute": {
|
|
"type": "string",
|
|
"title": "HTTP-Basic Username Key",
|
|
"description": "User/Group Attribute used for the user part of the HTTP-Basic Header. If not set, the user's Email address is used."
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"proxy",
|
|
"forward_single",
|
|
"forward_domain"
|
|
],
|
|
"title": "Mode",
|
|
"description": "Enable support for forwardAuth in traefik and nginx auth_request. Exclusive with internal_host."
|
|
},
|
|
"intercept_header_auth": {
|
|
"type": "boolean",
|
|
"title": "Intercept header auth",
|
|
"description": "When enabled, this provider will intercept the authorization header and authenticate requests based on its value."
|
|
},
|
|
"cookie_domain": {
|
|
"type": "string",
|
|
"title": "Cookie domain"
|
|
},
|
|
"jwt_federation_sources": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer",
|
|
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
|
|
},
|
|
"title": "Any JWT signed by the JWK of the selected source can be used to authenticate."
|
|
},
|
|
"jwt_federation_providers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Jwt federation providers"
|
|
},
|
|
"access_token_validity": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Access token validity",
|
|
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"refresh_token_validity": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Refresh token validity",
|
|
"description": "Tokens not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_proxy.proxyprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_proxyprovider",
|
|
"change_proxyprovider",
|
|
"delete_proxyprovider",
|
|
"view_proxyprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_rac.endpoint": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"provider": {
|
|
"type": "integer",
|
|
"title": "Provider"
|
|
},
|
|
"protocol": {
|
|
"type": "string",
|
|
"enum": [
|
|
"rdp",
|
|
"vnc",
|
|
"ssh"
|
|
],
|
|
"title": "Protocol"
|
|
},
|
|
"host": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Host"
|
|
},
|
|
"settings": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Settings"
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"auth_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"static",
|
|
"prompt"
|
|
],
|
|
"title": "Auth mode"
|
|
},
|
|
"maximum_connections": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Maximum connections"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_rac.endpoint_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_endpoint",
|
|
"change_endpoint",
|
|
"delete_endpoint",
|
|
"view_endpoint"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_rac.racpropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"title": "Expression"
|
|
},
|
|
"static_settings": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Static settings"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_rac.racpropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_racpropertymapping",
|
|
"change_racpropertymapping",
|
|
"delete_racpropertymapping",
|
|
"view_racpropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_rac.racprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"settings": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Settings"
|
|
},
|
|
"connection_expiry": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Connection expiry",
|
|
"description": "Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)"
|
|
},
|
|
"delete_token_on_disconnect": {
|
|
"type": "boolean",
|
|
"title": "Delete token on disconnect",
|
|
"description": "When set to true, connection tokens will be deleted upon disconnect."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_rac.racprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_racprovider",
|
|
"change_racprovider",
|
|
"delete_racprovider",
|
|
"view_racprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_radius.radiusprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"invalidation_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Invalidation flow",
|
|
"description": "Flow used ending the session from a provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"client_networks": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Client networks",
|
|
"description": "List of CIDRs (comma-separated) that clients can connect from. A more specific CIDR will match before a looser one. Clients connecting from a non-specified CIDR will be dropped."
|
|
},
|
|
"shared_secret": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Shared secret",
|
|
"description": "Shared secret between clients and server to hash packets."
|
|
},
|
|
"mfa_support": {
|
|
"type": "boolean",
|
|
"title": "MFA Support",
|
|
"description": "When enabled, code-based multi-factor authentication can be used by appending a semicolon and the TOTP code to the password. This should only be enabled if all users that will bind to this provider have a TOTP device configured, as otherwise a password may incorrectly be rejected if it contains a semicolon."
|
|
},
|
|
"certificate": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Certificate"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_radius.radiusprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_radiusprovider",
|
|
"change_radiusprovider",
|
|
"delete_radiusprovider",
|
|
"view_radiusprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_radius.radiusproviderpropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_radius.radiusproviderpropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_radiusproviderpropertymapping",
|
|
"change_radiusproviderpropertymapping",
|
|
"delete_radiusproviderpropertymapping",
|
|
"view_radiusproviderpropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_saml.samlpropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
},
|
|
"saml_name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "SAML Name"
|
|
},
|
|
"friendly_name": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"title": "Friendly name"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_saml.samlpropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_samlpropertymapping",
|
|
"change_samlpropertymapping",
|
|
"delete_samlpropertymapping",
|
|
"view_samlpropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_saml.samlprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow used for authentication when the associated application is accessed by an un-authenticated user."
|
|
},
|
|
"authorization_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authorization flow",
|
|
"description": "Flow used when authorizing this provider."
|
|
},
|
|
"invalidation_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Invalidation flow",
|
|
"description": "Flow used ending the session from a provider."
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"acs_url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "ACS URL"
|
|
},
|
|
"sls_url": {
|
|
"type": "string",
|
|
"title": "SLS URL",
|
|
"description": "Single Logout Service URL where the logout response should be sent."
|
|
},
|
|
"audience": {
|
|
"type": "string",
|
|
"title": "Audience",
|
|
"description": "Value of the audience restriction field of the assertion. When left empty, no audience restriction will be added."
|
|
},
|
|
"issuer": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Issuer",
|
|
"description": "Also known as EntityID"
|
|
},
|
|
"assertion_valid_not_before": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Assertion valid not before",
|
|
"description": "Assertion valid not before current time + this value (Format: hours=-1;minutes=-2;seconds=-3)."
|
|
},
|
|
"assertion_valid_not_on_or_after": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Assertion valid not on or after",
|
|
"description": "Assertion not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"session_valid_not_on_or_after": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Session valid not on or after",
|
|
"description": "Session not valid on or after current time + this value (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"name_id_mapping": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "NameID Property Mapping",
|
|
"description": "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be considered"
|
|
},
|
|
"authn_context_class_ref_mapping": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "AuthnContextClassRef Property Mapping",
|
|
"description": "Configure how the AuthnContextClassRef value will be created. When left empty, the AuthnContextClassRef will be set based on which authentication methods the user used to authenticate."
|
|
},
|
|
"digest_algorithm": {
|
|
"type": "string",
|
|
"enum": [
|
|
"http://www.w3.org/2000/09/xmldsig#sha1",
|
|
"http://www.w3.org/2001/04/xmlenc#sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#sha384",
|
|
"http://www.w3.org/2001/04/xmlenc#sha512"
|
|
],
|
|
"title": "Digest algorithm"
|
|
},
|
|
"signature_algorithm": {
|
|
"type": "string",
|
|
"enum": [
|
|
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
|
|
"http://www.w3.org/2000/09/xmldsig#dsa-sha1"
|
|
],
|
|
"title": "Signature algorithm"
|
|
},
|
|
"signing_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Signing Keypair",
|
|
"description": "Keypair used to sign outgoing Responses going to the Service Provider."
|
|
},
|
|
"verification_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Verification Certificate",
|
|
"description": "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default."
|
|
},
|
|
"encryption_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Encryption Keypair",
|
|
"description": "When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key."
|
|
},
|
|
"sign_assertion": {
|
|
"type": "boolean",
|
|
"title": "Sign assertion"
|
|
},
|
|
"sign_response": {
|
|
"type": "boolean",
|
|
"title": "Sign response"
|
|
},
|
|
"sign_logout_request": {
|
|
"type": "boolean",
|
|
"title": "Sign logout request"
|
|
},
|
|
"sign_logout_response": {
|
|
"type": "boolean",
|
|
"title": "Sign logout response"
|
|
},
|
|
"sp_binding": {
|
|
"type": "string",
|
|
"enum": [
|
|
"redirect",
|
|
"post"
|
|
],
|
|
"title": "Service Provider Binding",
|
|
"description": "This determines how authentik sends the response back to the Service Provider."
|
|
},
|
|
"sls_binding": {
|
|
"type": "string",
|
|
"enum": [
|
|
"redirect",
|
|
"post"
|
|
],
|
|
"title": "SLS Binding",
|
|
"description": "This determines how authentik sends the logout response back to the Service Provider."
|
|
},
|
|
"logout_method": {
|
|
"type": "string",
|
|
"enum": [
|
|
"frontchannel_iframe",
|
|
"frontchannel_native",
|
|
"backchannel"
|
|
],
|
|
"title": "Logout method",
|
|
"description": "Method to use for logout. Front-channel iframe loads all logout URLs simultaneously in hidden iframes. Front-channel native uses your active browser tab to send post requests and redirect to providers. Back-channel sends logout requests directly from the server without user interaction (requires POST SLS binding)."
|
|
},
|
|
"default_relay_state": {
|
|
"type": "string",
|
|
"title": "Default relay state",
|
|
"description": "Default relay_state value for IDP-initiated logins"
|
|
},
|
|
"default_name_id_policy": {
|
|
"type": "string",
|
|
"enum": [
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
|
],
|
|
"title": "Default name id policy"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_saml.samlprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_samlprovider",
|
|
"change_samlprovider",
|
|
"delete_samlprovider",
|
|
"view_samlprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_scim.scimmapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_scim.scimmapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_scimmapping",
|
|
"change_scimmapping",
|
|
"delete_scimmapping",
|
|
"view_scimmapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_providers_scim.scimprovider": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Property mappings"
|
|
},
|
|
"property_mappings_group": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Property mappings used for group creation/updating."
|
|
},
|
|
"title": "Property mappings group",
|
|
"description": "Property mappings used for group creation/updating."
|
|
},
|
|
"url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Url",
|
|
"description": "Base URL to SCIM requests, usually ends in /v2"
|
|
},
|
|
"verify_certificates": {
|
|
"type": "boolean",
|
|
"title": "Verify certificates"
|
|
},
|
|
"token": {
|
|
"type": "string",
|
|
"title": "Token",
|
|
"description": "Authentication token"
|
|
},
|
|
"auth_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"token",
|
|
"oauth"
|
|
],
|
|
"title": "Auth mode"
|
|
},
|
|
"auth_oauth": {
|
|
"type": "integer",
|
|
"title": "Auth oauth",
|
|
"description": "OAuth Source used for authentication"
|
|
},
|
|
"auth_oauth_params": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Auth oauth params",
|
|
"description": "Additional OAuth parameters, such as grant_type"
|
|
},
|
|
"compatibility_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"default",
|
|
"aws",
|
|
"slack",
|
|
"sfdc",
|
|
"webex"
|
|
],
|
|
"title": "SCIM Compatibility Mode",
|
|
"description": "Alter authentik behavior for vendor-specific SCIM implementations."
|
|
},
|
|
"service_provider_config_cache_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Service provider config cache timeout",
|
|
"description": "Cache duration for ServiceProviderConfig responses. Set minutes=0 to disable."
|
|
},
|
|
"exclude_users_service_account": {
|
|
"type": "boolean",
|
|
"title": "Exclude users service account"
|
|
},
|
|
"sync_page_size": {
|
|
"type": "integer",
|
|
"minimum": 1,
|
|
"maximum": 2147483647,
|
|
"title": "Sync page size",
|
|
"description": "Controls the number of objects synced in a single task"
|
|
},
|
|
"sync_page_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Sync page timeout",
|
|
"description": "Timeout for synchronization of a single page"
|
|
},
|
|
"group_filters": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Group filters used to define sync-scope for groups."
|
|
},
|
|
"title": "Group filters",
|
|
"description": "Group filters used to define sync-scope for groups."
|
|
},
|
|
"dry_run": {
|
|
"type": "boolean",
|
|
"title": "Dry run",
|
|
"description": "When enabled, provider will not modify or create objects in the remote system."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_providers_scim.scimprovider_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_scimprovider",
|
|
"change_scimprovider",
|
|
"delete_scimprovider",
|
|
"view_scimprovider"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_rbac.initialpermissions": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 150,
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"role": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Role"
|
|
},
|
|
"permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "integer"
|
|
},
|
|
"title": "Permissions"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_rbac.initialpermissions_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_initialpermissions",
|
|
"change_initialpermissions",
|
|
"delete_initialpermissions",
|
|
"view_initialpermissions"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_rbac.role": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authentik_blueprints.add_blueprintinstance",
|
|
"authentik_blueprints.change_blueprintinstance",
|
|
"authentik_blueprints.delete_blueprintinstance",
|
|
"authentik_blueprints.view_blueprintinstance",
|
|
"authentik_brands.add_brand",
|
|
"authentik_brands.change_brand",
|
|
"authentik_brands.delete_brand",
|
|
"authentik_brands.view_brand",
|
|
"authentik_core.add_application",
|
|
"authentik_core.add_applicationentitlement",
|
|
"authentik_core.add_authenticatedsession",
|
|
"authentik_core.add_group",
|
|
"authentik_core.add_groupancestrynode",
|
|
"authentik_core.add_groupparentagenode",
|
|
"authentik_core.add_groupsourceconnection",
|
|
"authentik_core.add_propertymapping",
|
|
"authentik_core.add_provider",
|
|
"authentik_core.add_source",
|
|
"authentik_core.add_token",
|
|
"authentik_core.add_user",
|
|
"authentik_core.add_user_to_group",
|
|
"authentik_core.add_usersourceconnection",
|
|
"authentik_core.change_application",
|
|
"authentik_core.change_applicationentitlement",
|
|
"authentik_core.change_authenticatedsession",
|
|
"authentik_core.change_group",
|
|
"authentik_core.change_groupancestrynode",
|
|
"authentik_core.change_groupparentagenode",
|
|
"authentik_core.change_groupsourceconnection",
|
|
"authentik_core.change_propertymapping",
|
|
"authentik_core.change_provider",
|
|
"authentik_core.change_source",
|
|
"authentik_core.change_token",
|
|
"authentik_core.change_user",
|
|
"authentik_core.change_usersourceconnection",
|
|
"authentik_core.delete_application",
|
|
"authentik_core.delete_applicationentitlement",
|
|
"authentik_core.delete_authenticatedsession",
|
|
"authentik_core.delete_group",
|
|
"authentik_core.delete_groupancestrynode",
|
|
"authentik_core.delete_groupparentagenode",
|
|
"authentik_core.delete_groupsourceconnection",
|
|
"authentik_core.delete_propertymapping",
|
|
"authentik_core.delete_provider",
|
|
"authentik_core.delete_source",
|
|
"authentik_core.delete_token",
|
|
"authentik_core.delete_user",
|
|
"authentik_core.delete_usersourceconnection",
|
|
"authentik_core.disable_group_superuser",
|
|
"authentik_core.enable_group_superuser",
|
|
"authentik_core.impersonate",
|
|
"authentik_core.preview_user",
|
|
"authentik_core.remove_user_from_group",
|
|
"authentik_core.reset_user_password",
|
|
"authentik_core.set_token_key",
|
|
"authentik_core.view_application",
|
|
"authentik_core.view_applicationentitlement",
|
|
"authentik_core.view_authenticatedsession",
|
|
"authentik_core.view_group",
|
|
"authentik_core.view_groupancestrynode",
|
|
"authentik_core.view_groupparentagenode",
|
|
"authentik_core.view_groupsourceconnection",
|
|
"authentik_core.view_propertymapping",
|
|
"authentik_core.view_provider",
|
|
"authentik_core.view_source",
|
|
"authentik_core.view_token",
|
|
"authentik_core.view_token_key",
|
|
"authentik_core.view_user",
|
|
"authentik_core.view_user_applications",
|
|
"authentik_core.view_usersourceconnection",
|
|
"authentik_crypto.add_certificatekeypair",
|
|
"authentik_crypto.change_certificatekeypair",
|
|
"authentik_crypto.delete_certificatekeypair",
|
|
"authentik_crypto.view_certificatekeypair",
|
|
"authentik_crypto.view_certificatekeypair_certificate",
|
|
"authentik_crypto.view_certificatekeypair_key",
|
|
"authentik_endpoints.add_connector",
|
|
"authentik_endpoints.add_device",
|
|
"authentik_endpoints.add_deviceaccessgroup",
|
|
"authentik_endpoints.add_deviceconnection",
|
|
"authentik_endpoints.add_devicefactsnapshot",
|
|
"authentik_endpoints.add_deviceuserbinding",
|
|
"authentik_endpoints.add_endpointstage",
|
|
"authentik_endpoints.change_connector",
|
|
"authentik_endpoints.change_device",
|
|
"authentik_endpoints.change_deviceaccessgroup",
|
|
"authentik_endpoints.change_deviceconnection",
|
|
"authentik_endpoints.change_devicefactsnapshot",
|
|
"authentik_endpoints.change_deviceuserbinding",
|
|
"authentik_endpoints.change_endpointstage",
|
|
"authentik_endpoints.delete_connector",
|
|
"authentik_endpoints.delete_device",
|
|
"authentik_endpoints.delete_deviceaccessgroup",
|
|
"authentik_endpoints.delete_deviceconnection",
|
|
"authentik_endpoints.delete_devicefactsnapshot",
|
|
"authentik_endpoints.delete_deviceuserbinding",
|
|
"authentik_endpoints.delete_endpointstage",
|
|
"authentik_endpoints.view_connector",
|
|
"authentik_endpoints.view_device",
|
|
"authentik_endpoints.view_deviceaccessgroup",
|
|
"authentik_endpoints.view_deviceconnection",
|
|
"authentik_endpoints.view_devicefactsnapshot",
|
|
"authentik_endpoints.view_deviceuserbinding",
|
|
"authentik_endpoints.view_endpointstage",
|
|
"authentik_endpoints_connectors_agent.add_agentconnector",
|
|
"authentik_endpoints_connectors_agent.add_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.add_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.add_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.add_applenonce",
|
|
"authentik_endpoints_connectors_agent.add_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.add_devicetoken",
|
|
"authentik_endpoints_connectors_agent.add_enrollmenttoken",
|
|
"authentik_endpoints_connectors_agent.change_agentconnector",
|
|
"authentik_endpoints_connectors_agent.change_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.change_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.change_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.change_applenonce",
|
|
"authentik_endpoints_connectors_agent.change_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.change_devicetoken",
|
|
"authentik_endpoints_connectors_agent.change_enrollmenttoken",
|
|
"authentik_endpoints_connectors_agent.delete_agentconnector",
|
|
"authentik_endpoints_connectors_agent.delete_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.delete_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.delete_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.delete_applenonce",
|
|
"authentik_endpoints_connectors_agent.delete_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.delete_devicetoken",
|
|
"authentik_endpoints_connectors_agent.delete_enrollmenttoken",
|
|
"authentik_endpoints_connectors_agent.view_agentconnector",
|
|
"authentik_endpoints_connectors_agent.view_agentdeviceconnection",
|
|
"authentik_endpoints_connectors_agent.view_agentdeviceuserbinding",
|
|
"authentik_endpoints_connectors_agent.view_appleindependentsecureenclave",
|
|
"authentik_endpoints_connectors_agent.view_applenonce",
|
|
"authentik_endpoints_connectors_agent.view_deviceauthenticationtoken",
|
|
"authentik_endpoints_connectors_agent.view_devicetoken",
|
|
"authentik_endpoints_connectors_agent.view_enrollment_token_key",
|
|
"authentik_endpoints_connectors_agent.view_enrollmenttoken",
|
|
"authentik_endpoints_connectors_fleet.add_fleetconnector",
|
|
"authentik_endpoints_connectors_fleet.change_fleetconnector",
|
|
"authentik_endpoints_connectors_fleet.delete_fleetconnector",
|
|
"authentik_endpoints_connectors_fleet.view_fleetconnector",
|
|
"authentik_endpoints_connectors_google_chrome.add_googlechromeconnector",
|
|
"authentik_endpoints_connectors_google_chrome.change_googlechromeconnector",
|
|
"authentik_endpoints_connectors_google_chrome.delete_googlechromeconnector",
|
|
"authentik_endpoints_connectors_google_chrome.view_googlechromeconnector",
|
|
"authentik_enterprise.add_license",
|
|
"authentik_enterprise.add_licenseusage",
|
|
"authentik_enterprise.change_license",
|
|
"authentik_enterprise.change_licenseusage",
|
|
"authentik_enterprise.delete_license",
|
|
"authentik_enterprise.delete_licenseusage",
|
|
"authentik_enterprise.view_license",
|
|
"authentik_enterprise.view_licenseusage",
|
|
"authentik_events.add_event",
|
|
"authentik_events.add_notification",
|
|
"authentik_events.add_notificationrule",
|
|
"authentik_events.add_notificationtransport",
|
|
"authentik_events.add_notificationwebhookmapping",
|
|
"authentik_events.change_event",
|
|
"authentik_events.change_notification",
|
|
"authentik_events.change_notificationrule",
|
|
"authentik_events.change_notificationtransport",
|
|
"authentik_events.change_notificationwebhookmapping",
|
|
"authentik_events.delete_event",
|
|
"authentik_events.delete_notification",
|
|
"authentik_events.delete_notificationrule",
|
|
"authentik_events.delete_notificationtransport",
|
|
"authentik_events.delete_notificationwebhookmapping",
|
|
"authentik_events.view_event",
|
|
"authentik_events.view_notification",
|
|
"authentik_events.view_notificationrule",
|
|
"authentik_events.view_notificationtransport",
|
|
"authentik_events.view_notificationwebhookmapping",
|
|
"authentik_flows.add_flow",
|
|
"authentik_flows.add_flowstagebinding",
|
|
"authentik_flows.add_flowtoken",
|
|
"authentik_flows.add_stage",
|
|
"authentik_flows.change_flow",
|
|
"authentik_flows.change_flowstagebinding",
|
|
"authentik_flows.change_flowtoken",
|
|
"authentik_flows.change_stage",
|
|
"authentik_flows.clear_flow_cache",
|
|
"authentik_flows.delete_flow",
|
|
"authentik_flows.delete_flowstagebinding",
|
|
"authentik_flows.delete_flowtoken",
|
|
"authentik_flows.delete_stage",
|
|
"authentik_flows.export_flow",
|
|
"authentik_flows.inspect_flow",
|
|
"authentik_flows.view_flow",
|
|
"authentik_flows.view_flow_cache",
|
|
"authentik_flows.view_flowstagebinding",
|
|
"authentik_flows.view_flowtoken",
|
|
"authentik_flows.view_stage",
|
|
"authentik_lifecycle.add_lifecycleiteration",
|
|
"authentik_lifecycle.add_lifecyclerule",
|
|
"authentik_lifecycle.add_review",
|
|
"authentik_lifecycle.change_lifecycleiteration",
|
|
"authentik_lifecycle.change_lifecyclerule",
|
|
"authentik_lifecycle.change_review",
|
|
"authentik_lifecycle.delete_lifecycleiteration",
|
|
"authentik_lifecycle.delete_lifecyclerule",
|
|
"authentik_lifecycle.delete_review",
|
|
"authentik_lifecycle.view_lifecycleiteration",
|
|
"authentik_lifecycle.view_lifecyclerule",
|
|
"authentik_lifecycle.view_review",
|
|
"authentik_outposts.add_dockerserviceconnection",
|
|
"authentik_outposts.add_kubernetesserviceconnection",
|
|
"authentik_outposts.add_outpost",
|
|
"authentik_outposts.add_outpostserviceconnection",
|
|
"authentik_outposts.change_dockerserviceconnection",
|
|
"authentik_outposts.change_kubernetesserviceconnection",
|
|
"authentik_outposts.change_outpost",
|
|
"authentik_outposts.change_outpostserviceconnection",
|
|
"authentik_outposts.delete_dockerserviceconnection",
|
|
"authentik_outposts.delete_kubernetesserviceconnection",
|
|
"authentik_outposts.delete_outpost",
|
|
"authentik_outposts.delete_outpostserviceconnection",
|
|
"authentik_outposts.view_dockerserviceconnection",
|
|
"authentik_outposts.view_kubernetesserviceconnection",
|
|
"authentik_outposts.view_outpost",
|
|
"authentik_outposts.view_outpostserviceconnection",
|
|
"authentik_policies.add_policy",
|
|
"authentik_policies.add_policybinding",
|
|
"authentik_policies.add_policybindingmodel",
|
|
"authentik_policies.change_policy",
|
|
"authentik_policies.change_policybinding",
|
|
"authentik_policies.change_policybindingmodel",
|
|
"authentik_policies.clear_policy_cache",
|
|
"authentik_policies.delete_policy",
|
|
"authentik_policies.delete_policybinding",
|
|
"authentik_policies.delete_policybindingmodel",
|
|
"authentik_policies.view_policy",
|
|
"authentik_policies.view_policy_cache",
|
|
"authentik_policies.view_policybinding",
|
|
"authentik_policies.view_policybindingmodel",
|
|
"authentik_policies_dummy.add_dummypolicy",
|
|
"authentik_policies_dummy.change_dummypolicy",
|
|
"authentik_policies_dummy.delete_dummypolicy",
|
|
"authentik_policies_dummy.view_dummypolicy",
|
|
"authentik_policies_event_matcher.add_eventmatcherpolicy",
|
|
"authentik_policies_event_matcher.change_eventmatcherpolicy",
|
|
"authentik_policies_event_matcher.delete_eventmatcherpolicy",
|
|
"authentik_policies_event_matcher.view_eventmatcherpolicy",
|
|
"authentik_policies_expiry.add_passwordexpirypolicy",
|
|
"authentik_policies_expiry.change_passwordexpirypolicy",
|
|
"authentik_policies_expiry.delete_passwordexpirypolicy",
|
|
"authentik_policies_expiry.view_passwordexpirypolicy",
|
|
"authentik_policies_expression.add_expressionpolicy",
|
|
"authentik_policies_expression.change_expressionpolicy",
|
|
"authentik_policies_expression.delete_expressionpolicy",
|
|
"authentik_policies_expression.view_expressionpolicy",
|
|
"authentik_policies_geoip.add_geoippolicy",
|
|
"authentik_policies_geoip.change_geoippolicy",
|
|
"authentik_policies_geoip.delete_geoippolicy",
|
|
"authentik_policies_geoip.view_geoippolicy",
|
|
"authentik_policies_password.add_passwordpolicy",
|
|
"authentik_policies_password.change_passwordpolicy",
|
|
"authentik_policies_password.delete_passwordpolicy",
|
|
"authentik_policies_password.view_passwordpolicy",
|
|
"authentik_policies_reputation.add_reputation",
|
|
"authentik_policies_reputation.add_reputationpolicy",
|
|
"authentik_policies_reputation.change_reputation",
|
|
"authentik_policies_reputation.change_reputationpolicy",
|
|
"authentik_policies_reputation.delete_reputation",
|
|
"authentik_policies_reputation.delete_reputationpolicy",
|
|
"authentik_policies_reputation.view_reputation",
|
|
"authentik_policies_reputation.view_reputationpolicy",
|
|
"authentik_policies_unique_password.add_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.add_userpasswordhistory",
|
|
"authentik_policies_unique_password.change_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.change_userpasswordhistory",
|
|
"authentik_policies_unique_password.delete_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.delete_userpasswordhistory",
|
|
"authentik_policies_unique_password.view_uniquepasswordpolicy",
|
|
"authentik_policies_unique_password.view_userpasswordhistory",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.add_googleworkspaceprovideruser",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.change_googleworkspaceprovideruser",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.delete_googleworkspaceprovideruser",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovider",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovidergroup",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovidermapping",
|
|
"authentik_providers_google_workspace.view_googleworkspaceprovideruser",
|
|
"authentik_providers_ldap.add_ldapprovider",
|
|
"authentik_providers_ldap.change_ldapprovider",
|
|
"authentik_providers_ldap.delete_ldapprovider",
|
|
"authentik_providers_ldap.search_full_directory",
|
|
"authentik_providers_ldap.view_ldapprovider",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.add_microsoftentraprovideruser",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.change_microsoftentraprovideruser",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.delete_microsoftentraprovideruser",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovider",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovidergroup",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovidermapping",
|
|
"authentik_providers_microsoft_entra.view_microsoftentraprovideruser",
|
|
"authentik_providers_oauth2.add_accesstoken",
|
|
"authentik_providers_oauth2.add_authorizationcode",
|
|
"authentik_providers_oauth2.add_devicetoken",
|
|
"authentik_providers_oauth2.add_oauth2provider",
|
|
"authentik_providers_oauth2.add_refreshtoken",
|
|
"authentik_providers_oauth2.add_scopemapping",
|
|
"authentik_providers_oauth2.change_accesstoken",
|
|
"authentik_providers_oauth2.change_authorizationcode",
|
|
"authentik_providers_oauth2.change_devicetoken",
|
|
"authentik_providers_oauth2.change_oauth2provider",
|
|
"authentik_providers_oauth2.change_refreshtoken",
|
|
"authentik_providers_oauth2.change_scopemapping",
|
|
"authentik_providers_oauth2.delete_accesstoken",
|
|
"authentik_providers_oauth2.delete_authorizationcode",
|
|
"authentik_providers_oauth2.delete_devicetoken",
|
|
"authentik_providers_oauth2.delete_oauth2provider",
|
|
"authentik_providers_oauth2.delete_refreshtoken",
|
|
"authentik_providers_oauth2.delete_scopemapping",
|
|
"authentik_providers_oauth2.view_accesstoken",
|
|
"authentik_providers_oauth2.view_authorizationcode",
|
|
"authentik_providers_oauth2.view_devicetoken",
|
|
"authentik_providers_oauth2.view_oauth2provider",
|
|
"authentik_providers_oauth2.view_refreshtoken",
|
|
"authentik_providers_oauth2.view_scopemapping",
|
|
"authentik_providers_proxy.add_proxyprovider",
|
|
"authentik_providers_proxy.add_proxysession",
|
|
"authentik_providers_proxy.change_proxyprovider",
|
|
"authentik_providers_proxy.change_proxysession",
|
|
"authentik_providers_proxy.delete_proxyprovider",
|
|
"authentik_providers_proxy.delete_proxysession",
|
|
"authentik_providers_proxy.view_proxyprovider",
|
|
"authentik_providers_proxy.view_proxysession",
|
|
"authentik_providers_rac.add_connectiontoken",
|
|
"authentik_providers_rac.add_endpoint",
|
|
"authentik_providers_rac.add_racpropertymapping",
|
|
"authentik_providers_rac.add_racprovider",
|
|
"authentik_providers_rac.change_connectiontoken",
|
|
"authentik_providers_rac.change_endpoint",
|
|
"authentik_providers_rac.change_racpropertymapping",
|
|
"authentik_providers_rac.change_racprovider",
|
|
"authentik_providers_rac.delete_connectiontoken",
|
|
"authentik_providers_rac.delete_endpoint",
|
|
"authentik_providers_rac.delete_racpropertymapping",
|
|
"authentik_providers_rac.delete_racprovider",
|
|
"authentik_providers_rac.view_connectiontoken",
|
|
"authentik_providers_rac.view_endpoint",
|
|
"authentik_providers_rac.view_racpropertymapping",
|
|
"authentik_providers_rac.view_racprovider",
|
|
"authentik_providers_radius.add_radiusprovider",
|
|
"authentik_providers_radius.add_radiusproviderpropertymapping",
|
|
"authentik_providers_radius.change_radiusprovider",
|
|
"authentik_providers_radius.change_radiusproviderpropertymapping",
|
|
"authentik_providers_radius.delete_radiusprovider",
|
|
"authentik_providers_radius.delete_radiusproviderpropertymapping",
|
|
"authentik_providers_radius.view_radiusprovider",
|
|
"authentik_providers_radius.view_radiusproviderpropertymapping",
|
|
"authentik_providers_saml.add_samlpropertymapping",
|
|
"authentik_providers_saml.add_samlprovider",
|
|
"authentik_providers_saml.add_samlsession",
|
|
"authentik_providers_saml.change_samlpropertymapping",
|
|
"authentik_providers_saml.change_samlprovider",
|
|
"authentik_providers_saml.change_samlsession",
|
|
"authentik_providers_saml.delete_samlpropertymapping",
|
|
"authentik_providers_saml.delete_samlprovider",
|
|
"authentik_providers_saml.delete_samlsession",
|
|
"authentik_providers_saml.view_samlpropertymapping",
|
|
"authentik_providers_saml.view_samlprovider",
|
|
"authentik_providers_saml.view_samlsession",
|
|
"authentik_providers_scim.add_scimmapping",
|
|
"authentik_providers_scim.add_scimprovider",
|
|
"authentik_providers_scim.add_scimprovidergroup",
|
|
"authentik_providers_scim.add_scimprovideruser",
|
|
"authentik_providers_scim.change_scimmapping",
|
|
"authentik_providers_scim.change_scimprovider",
|
|
"authentik_providers_scim.change_scimprovidergroup",
|
|
"authentik_providers_scim.change_scimprovideruser",
|
|
"authentik_providers_scim.delete_scimmapping",
|
|
"authentik_providers_scim.delete_scimprovider",
|
|
"authentik_providers_scim.delete_scimprovidergroup",
|
|
"authentik_providers_scim.delete_scimprovideruser",
|
|
"authentik_providers_scim.view_scimmapping",
|
|
"authentik_providers_scim.view_scimprovider",
|
|
"authentik_providers_scim.view_scimprovidergroup",
|
|
"authentik_providers_scim.view_scimprovideruser",
|
|
"authentik_providers_ssf.add_ssfprovider",
|
|
"authentik_providers_ssf.add_stream",
|
|
"authentik_providers_ssf.add_streamevent",
|
|
"authentik_providers_ssf.change_ssfprovider",
|
|
"authentik_providers_ssf.change_stream",
|
|
"authentik_providers_ssf.change_streamevent",
|
|
"authentik_providers_ssf.delete_ssfprovider",
|
|
"authentik_providers_ssf.delete_stream",
|
|
"authentik_providers_ssf.delete_streamevent",
|
|
"authentik_providers_ssf.view_ssfprovider",
|
|
"authentik_providers_ssf.view_stream",
|
|
"authentik_providers_ssf.view_streamevent",
|
|
"authentik_providers_ws_federation.add_wsfederationprovider",
|
|
"authentik_providers_ws_federation.change_wsfederationprovider",
|
|
"authentik_providers_ws_federation.delete_wsfederationprovider",
|
|
"authentik_providers_ws_federation.view_wsfederationprovider",
|
|
"authentik_rbac.access_admin_interface",
|
|
"authentik_rbac.add_initialpermissions",
|
|
"authentik_rbac.add_role",
|
|
"authentik_rbac.assign_role_permissions",
|
|
"authentik_rbac.change_initialpermissions",
|
|
"authentik_rbac.change_role",
|
|
"authentik_rbac.delete_initialpermissions",
|
|
"authentik_rbac.delete_role",
|
|
"authentik_rbac.edit_system_settings",
|
|
"authentik_rbac.manage_media_files",
|
|
"authentik_rbac.unassign_role_permissions",
|
|
"authentik_rbac.view_initialpermissions",
|
|
"authentik_rbac.view_media_files",
|
|
"authentik_rbac.view_role",
|
|
"authentik_rbac.view_system_info",
|
|
"authentik_rbac.view_system_settings",
|
|
"authentik_reports.add_dataexport",
|
|
"authentik_reports.change_dataexport",
|
|
"authentik_reports.delete_dataexport",
|
|
"authentik_reports.view_dataexport",
|
|
"authentik_sources_kerberos.add_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.add_kerberossource",
|
|
"authentik_sources_kerberos.add_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.add_userkerberossourceconnection",
|
|
"authentik_sources_kerberos.change_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.change_kerberossource",
|
|
"authentik_sources_kerberos.change_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.change_userkerberossourceconnection",
|
|
"authentik_sources_kerberos.delete_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.delete_kerberossource",
|
|
"authentik_sources_kerberos.delete_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.delete_userkerberossourceconnection",
|
|
"authentik_sources_kerberos.view_groupkerberossourceconnection",
|
|
"authentik_sources_kerberos.view_kerberossource",
|
|
"authentik_sources_kerberos.view_kerberossourcepropertymapping",
|
|
"authentik_sources_kerberos.view_userkerberossourceconnection",
|
|
"authentik_sources_ldap.add_groupldapsourceconnection",
|
|
"authentik_sources_ldap.add_ldapsource",
|
|
"authentik_sources_ldap.add_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.add_userldapsourceconnection",
|
|
"authentik_sources_ldap.change_groupldapsourceconnection",
|
|
"authentik_sources_ldap.change_ldapsource",
|
|
"authentik_sources_ldap.change_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.change_userldapsourceconnection",
|
|
"authentik_sources_ldap.delete_groupldapsourceconnection",
|
|
"authentik_sources_ldap.delete_ldapsource",
|
|
"authentik_sources_ldap.delete_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.delete_userldapsourceconnection",
|
|
"authentik_sources_ldap.view_groupldapsourceconnection",
|
|
"authentik_sources_ldap.view_ldapsource",
|
|
"authentik_sources_ldap.view_ldapsourcepropertymapping",
|
|
"authentik_sources_ldap.view_userldapsourceconnection",
|
|
"authentik_sources_oauth.add_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.add_oauthsource",
|
|
"authentik_sources_oauth.add_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.add_useroauthsourceconnection",
|
|
"authentik_sources_oauth.change_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.change_oauthsource",
|
|
"authentik_sources_oauth.change_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.change_useroauthsourceconnection",
|
|
"authentik_sources_oauth.delete_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.delete_oauthsource",
|
|
"authentik_sources_oauth.delete_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.delete_useroauthsourceconnection",
|
|
"authentik_sources_oauth.view_groupoauthsourceconnection",
|
|
"authentik_sources_oauth.view_oauthsource",
|
|
"authentik_sources_oauth.view_oauthsourcepropertymapping",
|
|
"authentik_sources_oauth.view_useroauthsourceconnection",
|
|
"authentik_sources_plex.add_groupplexsourceconnection",
|
|
"authentik_sources_plex.add_plexsource",
|
|
"authentik_sources_plex.add_plexsourcepropertymapping",
|
|
"authentik_sources_plex.add_userplexsourceconnection",
|
|
"authentik_sources_plex.change_groupplexsourceconnection",
|
|
"authentik_sources_plex.change_plexsource",
|
|
"authentik_sources_plex.change_plexsourcepropertymapping",
|
|
"authentik_sources_plex.change_userplexsourceconnection",
|
|
"authentik_sources_plex.delete_groupplexsourceconnection",
|
|
"authentik_sources_plex.delete_plexsource",
|
|
"authentik_sources_plex.delete_plexsourcepropertymapping",
|
|
"authentik_sources_plex.delete_userplexsourceconnection",
|
|
"authentik_sources_plex.view_groupplexsourceconnection",
|
|
"authentik_sources_plex.view_plexsource",
|
|
"authentik_sources_plex.view_plexsourcepropertymapping",
|
|
"authentik_sources_plex.view_userplexsourceconnection",
|
|
"authentik_sources_saml.add_groupsamlsourceconnection",
|
|
"authentik_sources_saml.add_samlsource",
|
|
"authentik_sources_saml.add_samlsourcepropertymapping",
|
|
"authentik_sources_saml.add_usersamlsourceconnection",
|
|
"authentik_sources_saml.change_groupsamlsourceconnection",
|
|
"authentik_sources_saml.change_samlsource",
|
|
"authentik_sources_saml.change_samlsourcepropertymapping",
|
|
"authentik_sources_saml.change_usersamlsourceconnection",
|
|
"authentik_sources_saml.delete_groupsamlsourceconnection",
|
|
"authentik_sources_saml.delete_samlsource",
|
|
"authentik_sources_saml.delete_samlsourcepropertymapping",
|
|
"authentik_sources_saml.delete_usersamlsourceconnection",
|
|
"authentik_sources_saml.view_groupsamlsourceconnection",
|
|
"authentik_sources_saml.view_samlsource",
|
|
"authentik_sources_saml.view_samlsourcepropertymapping",
|
|
"authentik_sources_saml.view_usersamlsourceconnection",
|
|
"authentik_sources_scim.add_scimsource",
|
|
"authentik_sources_scim.add_scimsourcegroup",
|
|
"authentik_sources_scim.add_scimsourcepropertymapping",
|
|
"authentik_sources_scim.add_scimsourceuser",
|
|
"authentik_sources_scim.change_scimsource",
|
|
"authentik_sources_scim.change_scimsourcegroup",
|
|
"authentik_sources_scim.change_scimsourcepropertymapping",
|
|
"authentik_sources_scim.change_scimsourceuser",
|
|
"authentik_sources_scim.delete_scimsource",
|
|
"authentik_sources_scim.delete_scimsourcegroup",
|
|
"authentik_sources_scim.delete_scimsourcepropertymapping",
|
|
"authentik_sources_scim.delete_scimsourceuser",
|
|
"authentik_sources_scim.view_scimsource",
|
|
"authentik_sources_scim.view_scimsourcegroup",
|
|
"authentik_sources_scim.view_scimsourcepropertymapping",
|
|
"authentik_sources_scim.view_scimsourceuser",
|
|
"authentik_sources_telegram.add_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.add_telegramsource",
|
|
"authentik_sources_telegram.add_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.add_usertelegramsourceconnection",
|
|
"authentik_sources_telegram.change_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.change_telegramsource",
|
|
"authentik_sources_telegram.change_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.change_usertelegramsourceconnection",
|
|
"authentik_sources_telegram.delete_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.delete_telegramsource",
|
|
"authentik_sources_telegram.delete_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.delete_usertelegramsourceconnection",
|
|
"authentik_sources_telegram.view_grouptelegramsourceconnection",
|
|
"authentik_sources_telegram.view_telegramsource",
|
|
"authentik_sources_telegram.view_telegramsourcepropertymapping",
|
|
"authentik_sources_telegram.view_usertelegramsourceconnection",
|
|
"authentik_stages_authenticator_duo.add_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.add_duodevice",
|
|
"authentik_stages_authenticator_duo.change_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.change_duodevice",
|
|
"authentik_stages_authenticator_duo.delete_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.delete_duodevice",
|
|
"authentik_stages_authenticator_duo.view_authenticatorduostage",
|
|
"authentik_stages_authenticator_duo.view_duodevice",
|
|
"authentik_stages_authenticator_email.add_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.add_emaildevice",
|
|
"authentik_stages_authenticator_email.change_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.change_emaildevice",
|
|
"authentik_stages_authenticator_email.delete_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.delete_emaildevice",
|
|
"authentik_stages_authenticator_email.view_authenticatoremailstage",
|
|
"authentik_stages_authenticator_email.view_emaildevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.add_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.add_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.add_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_endpoint_gdtc.change_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.change_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.change_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_endpoint_gdtc.delete_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.delete_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.delete_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_endpoint_gdtc.view_authenticatorendpointgdtcstage",
|
|
"authentik_stages_authenticator_endpoint_gdtc.view_endpointdevice",
|
|
"authentik_stages_authenticator_endpoint_gdtc.view_endpointdeviceconnection",
|
|
"authentik_stages_authenticator_sms.add_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.add_smsdevice",
|
|
"authentik_stages_authenticator_sms.change_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.change_smsdevice",
|
|
"authentik_stages_authenticator_sms.delete_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.delete_smsdevice",
|
|
"authentik_stages_authenticator_sms.view_authenticatorsmsstage",
|
|
"authentik_stages_authenticator_sms.view_smsdevice",
|
|
"authentik_stages_authenticator_static.add_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.add_staticdevice",
|
|
"authentik_stages_authenticator_static.add_statictoken",
|
|
"authentik_stages_authenticator_static.change_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.change_staticdevice",
|
|
"authentik_stages_authenticator_static.change_statictoken",
|
|
"authentik_stages_authenticator_static.delete_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.delete_staticdevice",
|
|
"authentik_stages_authenticator_static.delete_statictoken",
|
|
"authentik_stages_authenticator_static.view_authenticatorstaticstage",
|
|
"authentik_stages_authenticator_static.view_staticdevice",
|
|
"authentik_stages_authenticator_static.view_statictoken",
|
|
"authentik_stages_authenticator_totp.add_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.add_totpdevice",
|
|
"authentik_stages_authenticator_totp.change_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.change_totpdevice",
|
|
"authentik_stages_authenticator_totp.delete_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.delete_totpdevice",
|
|
"authentik_stages_authenticator_totp.view_authenticatortotpstage",
|
|
"authentik_stages_authenticator_totp.view_totpdevice",
|
|
"authentik_stages_authenticator_validate.add_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_validate.change_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_validate.delete_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_validate.view_authenticatorvalidatestage",
|
|
"authentik_stages_authenticator_webauthn.add_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.add_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.add_webauthndevicetype",
|
|
"authentik_stages_authenticator_webauthn.change_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.change_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.change_webauthndevicetype",
|
|
"authentik_stages_authenticator_webauthn.delete_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.delete_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.delete_webauthndevicetype",
|
|
"authentik_stages_authenticator_webauthn.view_authenticatorwebauthnstage",
|
|
"authentik_stages_authenticator_webauthn.view_webauthndevice",
|
|
"authentik_stages_authenticator_webauthn.view_webauthndevicetype",
|
|
"authentik_stages_captcha.add_captchastage",
|
|
"authentik_stages_captcha.change_captchastage",
|
|
"authentik_stages_captcha.delete_captchastage",
|
|
"authentik_stages_captcha.view_captchastage",
|
|
"authentik_stages_consent.add_consentstage",
|
|
"authentik_stages_consent.add_userconsent",
|
|
"authentik_stages_consent.change_consentstage",
|
|
"authentik_stages_consent.change_userconsent",
|
|
"authentik_stages_consent.delete_consentstage",
|
|
"authentik_stages_consent.delete_userconsent",
|
|
"authentik_stages_consent.view_consentstage",
|
|
"authentik_stages_consent.view_userconsent",
|
|
"authentik_stages_deny.add_denystage",
|
|
"authentik_stages_deny.change_denystage",
|
|
"authentik_stages_deny.delete_denystage",
|
|
"authentik_stages_deny.view_denystage",
|
|
"authentik_stages_dummy.add_dummystage",
|
|
"authentik_stages_dummy.change_dummystage",
|
|
"authentik_stages_dummy.delete_dummystage",
|
|
"authentik_stages_dummy.view_dummystage",
|
|
"authentik_stages_email.add_emailstage",
|
|
"authentik_stages_email.change_emailstage",
|
|
"authentik_stages_email.delete_emailstage",
|
|
"authentik_stages_email.view_emailstage",
|
|
"authentik_stages_identification.add_identificationstage",
|
|
"authentik_stages_identification.change_identificationstage",
|
|
"authentik_stages_identification.delete_identificationstage",
|
|
"authentik_stages_identification.view_identificationstage",
|
|
"authentik_stages_invitation.add_invitation",
|
|
"authentik_stages_invitation.add_invitationstage",
|
|
"authentik_stages_invitation.change_invitation",
|
|
"authentik_stages_invitation.change_invitationstage",
|
|
"authentik_stages_invitation.delete_invitation",
|
|
"authentik_stages_invitation.delete_invitationstage",
|
|
"authentik_stages_invitation.view_invitation",
|
|
"authentik_stages_invitation.view_invitationstage",
|
|
"authentik_stages_mtls.add_mutualtlsstage",
|
|
"authentik_stages_mtls.change_mutualtlsstage",
|
|
"authentik_stages_mtls.delete_mutualtlsstage",
|
|
"authentik_stages_mtls.pass_outpost_certificate",
|
|
"authentik_stages_mtls.view_mutualtlsstage",
|
|
"authentik_stages_password.add_passwordstage",
|
|
"authentik_stages_password.change_passwordstage",
|
|
"authentik_stages_password.delete_passwordstage",
|
|
"authentik_stages_password.view_passwordstage",
|
|
"authentik_stages_prompt.add_prompt",
|
|
"authentik_stages_prompt.add_promptstage",
|
|
"authentik_stages_prompt.change_prompt",
|
|
"authentik_stages_prompt.change_promptstage",
|
|
"authentik_stages_prompt.delete_prompt",
|
|
"authentik_stages_prompt.delete_promptstage",
|
|
"authentik_stages_prompt.view_prompt",
|
|
"authentik_stages_prompt.view_promptstage",
|
|
"authentik_stages_redirect.add_redirectstage",
|
|
"authentik_stages_redirect.change_redirectstage",
|
|
"authentik_stages_redirect.delete_redirectstage",
|
|
"authentik_stages_redirect.view_redirectstage",
|
|
"authentik_stages_source.add_sourcestage",
|
|
"authentik_stages_source.change_sourcestage",
|
|
"authentik_stages_source.delete_sourcestage",
|
|
"authentik_stages_source.view_sourcestage",
|
|
"authentik_stages_user_delete.add_userdeletestage",
|
|
"authentik_stages_user_delete.change_userdeletestage",
|
|
"authentik_stages_user_delete.delete_userdeletestage",
|
|
"authentik_stages_user_delete.view_userdeletestage",
|
|
"authentik_stages_user_login.add_userloginstage",
|
|
"authentik_stages_user_login.change_userloginstage",
|
|
"authentik_stages_user_login.delete_userloginstage",
|
|
"authentik_stages_user_login.view_userloginstage",
|
|
"authentik_stages_user_logout.add_userlogoutstage",
|
|
"authentik_stages_user_logout.change_userlogoutstage",
|
|
"authentik_stages_user_logout.delete_userlogoutstage",
|
|
"authentik_stages_user_logout.view_userlogoutstage",
|
|
"authentik_stages_user_write.add_userwritestage",
|
|
"authentik_stages_user_write.change_userwritestage",
|
|
"authentik_stages_user_write.delete_userwritestage",
|
|
"authentik_stages_user_write.view_userwritestage",
|
|
"authentik_tasks.retry_task",
|
|
"authentik_tasks.view_task",
|
|
"authentik_tasks_schedules.change_schedule",
|
|
"authentik_tasks_schedules.send_schedule",
|
|
"authentik_tasks_schedules.view_schedule",
|
|
"authentik_tenants.add_domain",
|
|
"authentik_tenants.add_tenant",
|
|
"authentik_tenants.change_domain",
|
|
"authentik_tenants.change_tenant",
|
|
"authentik_tenants.delete_domain",
|
|
"authentik_tenants.delete_tenant",
|
|
"authentik_tenants.view_domain",
|
|
"authentik_tenants.view_tenant"
|
|
]
|
|
},
|
|
"title": "Permissions"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_rbac.role_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_role",
|
|
"assign_role_permissions",
|
|
"change_role",
|
|
"delete_role",
|
|
"unassign_role_permissions",
|
|
"view_role"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_kerberos.groupkerberossourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_kerberos.groupkerberossourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_groupkerberossourceconnection",
|
|
"change_groupkerberossourceconnection",
|
|
"delete_groupkerberossourceconnection",
|
|
"view_groupkerberossourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_kerberos.kerberossource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"promoted": {
|
|
"type": "boolean",
|
|
"title": "Promoted",
|
|
"description": "When enabled, this source will be displayed as a prominent button on the login page, instead of a small icon."
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow to use when authenticating existing users."
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Flow to use when enrolling new users."
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"user_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"email_link",
|
|
"email_deny",
|
|
"username_link",
|
|
"username_deny"
|
|
],
|
|
"title": "User matching mode",
|
|
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"title": "Icon"
|
|
},
|
|
"group_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"name_link",
|
|
"name_deny"
|
|
],
|
|
"title": "Group matching mode",
|
|
"description": "How the source determines if an existing group should be used or a new group created."
|
|
},
|
|
"realm": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Realm",
|
|
"description": "Kerberos realm"
|
|
},
|
|
"krb5_conf": {
|
|
"type": "string",
|
|
"title": "Krb5 conf",
|
|
"description": "Custom krb5.conf to use. Uses the system one by default"
|
|
},
|
|
"kadmin_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"MIT",
|
|
"Heimdal"
|
|
],
|
|
"title": "Kadmin type",
|
|
"description": "KAdmin server type"
|
|
},
|
|
"sync_users": {
|
|
"type": "boolean",
|
|
"title": "Sync users",
|
|
"description": "Sync users from Kerberos into authentik"
|
|
},
|
|
"sync_users_password": {
|
|
"type": "boolean",
|
|
"title": "Sync users password",
|
|
"description": "When a user changes their password, sync it back to Kerberos"
|
|
},
|
|
"sync_principal": {
|
|
"type": "string",
|
|
"title": "Sync principal",
|
|
"description": "Principal to authenticate to kadmin for sync."
|
|
},
|
|
"sync_password": {
|
|
"type": "string",
|
|
"title": "Sync password",
|
|
"description": "Password to authenticate to kadmin for sync"
|
|
},
|
|
"sync_keytab": {
|
|
"type": "string",
|
|
"title": "Sync keytab",
|
|
"description": "Keytab to authenticate to kadmin for sync. Must be base64-encoded or in the form TYPE:residual"
|
|
},
|
|
"sync_ccache": {
|
|
"type": "string",
|
|
"title": "Sync ccache",
|
|
"description": "Credentials cache to authenticate to kadmin for sync. Must be in the form TYPE:residual"
|
|
},
|
|
"spnego_server_name": {
|
|
"type": "string",
|
|
"title": "Spnego server name",
|
|
"description": "Force the use of a specific server name for SPNEGO. Must be in the form HTTP@hostname"
|
|
},
|
|
"spnego_keytab": {
|
|
"type": "string",
|
|
"title": "Spnego keytab",
|
|
"description": "SPNEGO keytab base64-encoded or path to keytab in the form FILE:path"
|
|
},
|
|
"spnego_ccache": {
|
|
"type": "string",
|
|
"title": "Spnego ccache",
|
|
"description": "Credential cache to use for SPNEGO in form type:residual"
|
|
},
|
|
"password_login_update_internal_password": {
|
|
"type": "boolean",
|
|
"title": "Password login update internal password",
|
|
"description": "If enabled, the authentik-stored password will be updated upon login with the Kerberos password backend"
|
|
},
|
|
"sync_outgoing_trigger_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"none",
|
|
"immediate",
|
|
"deferred_end"
|
|
],
|
|
"title": "Sync outgoing trigger mode",
|
|
"description": "When to trigger sync for outgoing providers"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_kerberos.kerberossource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_kerberossource",
|
|
"change_kerberossource",
|
|
"delete_kerberossource",
|
|
"view_kerberossource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_kerberos.kerberossourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_kerberos.kerberossourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_kerberossourcepropertymapping",
|
|
"change_kerberossourcepropertymapping",
|
|
"delete_kerberossourcepropertymapping",
|
|
"view_kerberossourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_kerberos.userkerberossourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_kerberos.userkerberossourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userkerberossourceconnection",
|
|
"change_userkerberossourceconnection",
|
|
"delete_userkerberossourceconnection",
|
|
"view_userkerberossourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_ldap.groupldapsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_ldap.groupldapsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_groupldapsourceconnection",
|
|
"change_groupldapsourceconnection",
|
|
"delete_groupldapsourceconnection",
|
|
"view_groupldapsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_ldap.ldapsource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"promoted": {
|
|
"type": "boolean",
|
|
"title": "Promoted",
|
|
"description": "When enabled, this source will be displayed as a prominent button on the login page, instead of a small icon."
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow to use when authenticating existing users."
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Flow to use when enrolling new users."
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"user_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"email_link",
|
|
"email_deny",
|
|
"username_link",
|
|
"username_deny"
|
|
],
|
|
"title": "User matching mode",
|
|
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"title": "Icon"
|
|
},
|
|
"server_uri": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Server URI"
|
|
},
|
|
"peer_certificate": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Peer certificate",
|
|
"description": "Optionally verify the LDAP Server's Certificate against the CA Chain in this keypair."
|
|
},
|
|
"client_certificate": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Client certificate",
|
|
"description": "Client certificate to authenticate against the LDAP Server's Certificate."
|
|
},
|
|
"bind_cn": {
|
|
"type": "string",
|
|
"title": "Bind CN"
|
|
},
|
|
"bind_password": {
|
|
"type": "string",
|
|
"title": "Bind password"
|
|
},
|
|
"start_tls": {
|
|
"type": "boolean",
|
|
"title": "Enable Start TLS"
|
|
},
|
|
"sni": {
|
|
"type": "boolean",
|
|
"title": "Use Server URI for SNI verification"
|
|
},
|
|
"base_dn": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Base DN"
|
|
},
|
|
"additional_user_dn": {
|
|
"type": "string",
|
|
"title": "Addition User DN",
|
|
"description": "Prepended to Base DN for User-queries."
|
|
},
|
|
"additional_group_dn": {
|
|
"type": "string",
|
|
"title": "Addition Group DN",
|
|
"description": "Prepended to Base DN for Group-queries."
|
|
},
|
|
"user_object_filter": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User object filter",
|
|
"description": "Consider Objects matching this filter to be Users."
|
|
},
|
|
"group_object_filter": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Group object filter",
|
|
"description": "Consider Objects matching this filter to be Groups."
|
|
},
|
|
"group_membership_field": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Group membership field",
|
|
"description": "Field which contains members of a group."
|
|
},
|
|
"user_membership_attribute": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User membership attribute",
|
|
"description": "Attribute which matches the value of `group_membership_field`."
|
|
},
|
|
"object_uniqueness_field": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Object uniqueness field",
|
|
"description": "Field which contains a unique Identifier."
|
|
},
|
|
"password_login_update_internal_password": {
|
|
"type": "boolean",
|
|
"title": "Password login update internal password",
|
|
"description": "Update internal authentik password when login succeeds with LDAP"
|
|
},
|
|
"sync_users": {
|
|
"type": "boolean",
|
|
"title": "Sync users"
|
|
},
|
|
"sync_users_password": {
|
|
"type": "boolean",
|
|
"title": "Sync users password",
|
|
"description": "When a user changes their password, sync it back to LDAP. This can only be enabled on a single LDAP source."
|
|
},
|
|
"sync_groups": {
|
|
"type": "boolean",
|
|
"title": "Sync groups"
|
|
},
|
|
"sync_parent_group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Sync parent group"
|
|
},
|
|
"lookup_groups_from_user": {
|
|
"type": "boolean",
|
|
"title": "Lookup groups from user",
|
|
"description": "Lookup group membership based on a user attribute instead of a group attribute. This allows nested group resolution on systems like FreeIPA and Active Directory"
|
|
},
|
|
"delete_not_found_objects": {
|
|
"type": "boolean",
|
|
"title": "Delete not found objects",
|
|
"description": "Delete authentik users and groups which were previously supplied by this source, but are now missing from it."
|
|
},
|
|
"sync_outgoing_trigger_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"none",
|
|
"immediate",
|
|
"deferred_end"
|
|
],
|
|
"title": "Sync outgoing trigger mode",
|
|
"description": "When to trigger sync for outgoing providers"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_ldap.ldapsource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_ldapsource",
|
|
"change_ldapsource",
|
|
"delete_ldapsource",
|
|
"view_ldapsource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_ldap.ldapsourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_ldap.ldapsourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_ldapsourcepropertymapping",
|
|
"change_ldapsourcepropertymapping",
|
|
"delete_ldapsourcepropertymapping",
|
|
"view_ldapsourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_ldap.userldapsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_ldap.userldapsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userldapsourceconnection",
|
|
"change_userldapsourceconnection",
|
|
"delete_userldapsourceconnection",
|
|
"view_userldapsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_oauth.groupoauthsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_oauth.groupoauthsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_groupoauthsourceconnection",
|
|
"change_groupoauthsourceconnection",
|
|
"delete_groupoauthsourceconnection",
|
|
"view_groupoauthsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_oauth.oauthsource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"promoted": {
|
|
"type": "boolean",
|
|
"title": "Promoted",
|
|
"description": "When enabled, this source will be displayed as a prominent button on the login page, instead of a small icon."
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow to use when authenticating existing users."
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Flow to use when enrolling new users."
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"user_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"email_link",
|
|
"email_deny",
|
|
"username_link",
|
|
"username_deny"
|
|
],
|
|
"title": "User matching mode",
|
|
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"title": "Icon"
|
|
},
|
|
"group_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"name_link",
|
|
"name_deny"
|
|
],
|
|
"title": "Group matching mode",
|
|
"description": "How the source determines if an existing group should be used or a new group created."
|
|
},
|
|
"provider_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"apple",
|
|
"openidconnect",
|
|
"entraid",
|
|
"azuread",
|
|
"discord",
|
|
"facebook",
|
|
"github",
|
|
"gitlab",
|
|
"google",
|
|
"mailcow",
|
|
"okta",
|
|
"patreon",
|
|
"reddit",
|
|
"slack",
|
|
"twitch",
|
|
"twitter",
|
|
"wechat"
|
|
],
|
|
"title": "Provider type"
|
|
},
|
|
"request_token_url": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"maxLength": 255,
|
|
"title": "Request Token URL",
|
|
"description": "URL used to request the initial token. This URL is only required for OAuth 1."
|
|
},
|
|
"authorization_url": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"maxLength": 255,
|
|
"title": "Authorization URL",
|
|
"description": "URL the user is redirect to to conest the flow."
|
|
},
|
|
"access_token_url": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"maxLength": 255,
|
|
"title": "Access Token URL",
|
|
"description": "URL used by authentik to retrieve tokens."
|
|
},
|
|
"profile_url": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"maxLength": 255,
|
|
"title": "Profile URL",
|
|
"description": "URL used by authentik to get user information."
|
|
},
|
|
"pkce": {
|
|
"type": "string",
|
|
"enum": [
|
|
"none",
|
|
"plain",
|
|
"S256"
|
|
],
|
|
"title": "PKCE"
|
|
},
|
|
"consumer_key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Consumer key"
|
|
},
|
|
"consumer_secret": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Consumer secret"
|
|
},
|
|
"additional_scopes": {
|
|
"type": "string",
|
|
"title": "Additional Scopes"
|
|
},
|
|
"oidc_well_known_url": {
|
|
"type": "string",
|
|
"title": "Oidc well known url"
|
|
},
|
|
"oidc_jwks_url": {
|
|
"type": "string",
|
|
"title": "Oidc jwks url"
|
|
},
|
|
"oidc_jwks": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Oidc jwks"
|
|
},
|
|
"authorization_code_auth_method": {
|
|
"type": "string",
|
|
"enum": [
|
|
"basic_auth",
|
|
"post_body"
|
|
],
|
|
"title": "Authorization code auth method",
|
|
"description": "How to perform authentication during an authorization_code token request flow"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_oauth.oauthsource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_oauthsource",
|
|
"change_oauthsource",
|
|
"delete_oauthsource",
|
|
"view_oauthsource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_oauth.oauthsourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_oauth.oauthsourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_oauthsourcepropertymapping",
|
|
"change_oauthsourcepropertymapping",
|
|
"delete_oauthsourcepropertymapping",
|
|
"view_oauthsourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_oauth.useroauthsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
},
|
|
"access_token": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"title": "Access token"
|
|
},
|
|
"expires": {
|
|
"type": "string",
|
|
"format": "date-time",
|
|
"title": "Expires"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_oauth.useroauthsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_useroauthsourceconnection",
|
|
"change_useroauthsourceconnection",
|
|
"delete_useroauthsourceconnection",
|
|
"view_useroauthsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_plex.groupplexsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_plex.groupplexsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_groupplexsourceconnection",
|
|
"change_groupplexsourceconnection",
|
|
"delete_groupplexsourceconnection",
|
|
"view_groupplexsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_plex.plexsource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"promoted": {
|
|
"type": "boolean",
|
|
"title": "Promoted",
|
|
"description": "When enabled, this source will be displayed as a prominent button on the login page, instead of a small icon."
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow to use when authenticating existing users."
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Flow to use when enrolling new users."
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"user_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"email_link",
|
|
"email_deny",
|
|
"username_link",
|
|
"username_deny"
|
|
],
|
|
"title": "User matching mode",
|
|
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"title": "Icon"
|
|
},
|
|
"group_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"name_link",
|
|
"name_deny"
|
|
],
|
|
"title": "Group matching mode",
|
|
"description": "How the source determines if an existing group should be used or a new group created."
|
|
},
|
|
"client_id": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Client id",
|
|
"description": "Client identifier used to talk to Plex."
|
|
},
|
|
"allowed_servers": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Allowed servers"
|
|
},
|
|
"title": "Allowed servers",
|
|
"description": "Which servers a user has to be a member of to be granted access. Empty list allows every server."
|
|
},
|
|
"allow_friends": {
|
|
"type": "boolean",
|
|
"title": "Allow friends",
|
|
"description": "Allow friends to authenticate, even if you don't share a server."
|
|
},
|
|
"plex_token": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Plex token",
|
|
"description": "Plex token used to check friends"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_plex.plexsource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_plexsource",
|
|
"change_plexsource",
|
|
"delete_plexsource",
|
|
"view_plexsource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_plex.plexsourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_plex.plexsourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_plexsourcepropertymapping",
|
|
"change_plexsourcepropertymapping",
|
|
"delete_plexsourcepropertymapping",
|
|
"view_plexsourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_plex.userplexsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
},
|
|
"plex_token": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Plex token"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_plex.userplexsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userplexsourceconnection",
|
|
"change_userplexsourceconnection",
|
|
"delete_userplexsourceconnection",
|
|
"view_userplexsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_saml.groupsamlsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_saml.groupsamlsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_groupsamlsourceconnection",
|
|
"change_groupsamlsourceconnection",
|
|
"delete_groupsamlsourceconnection",
|
|
"view_groupsamlsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_saml.samlsource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"promoted": {
|
|
"type": "boolean",
|
|
"title": "Promoted",
|
|
"description": "When enabled, this source will be displayed as a prominent button on the login page, instead of a small icon."
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow to use when authenticating existing users."
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Flow to use when enrolling new users."
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"user_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"email_link",
|
|
"email_deny",
|
|
"username_link",
|
|
"username_deny"
|
|
],
|
|
"title": "User matching mode",
|
|
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"title": "Icon"
|
|
},
|
|
"group_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"name_link",
|
|
"name_deny"
|
|
],
|
|
"title": "Group matching mode",
|
|
"description": "How the source determines if an existing group should be used or a new group created."
|
|
},
|
|
"pre_authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Pre authentication flow",
|
|
"description": "Flow used before authentication."
|
|
},
|
|
"issuer": {
|
|
"type": "string",
|
|
"title": "Issuer",
|
|
"description": "Also known as Entity ID. Defaults the Metadata URL."
|
|
},
|
|
"sso_url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "SSO URL",
|
|
"description": "URL that the initial Login request is sent to."
|
|
},
|
|
"slo_url": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"title": "SLO URL",
|
|
"description": "Optional URL if your IDP supports Single-Logout."
|
|
},
|
|
"allow_idp_initiated": {
|
|
"type": "boolean",
|
|
"title": "Allow idp initiated",
|
|
"description": "Allows authentication flows initiated by the IdP. This can be a security risk, as no validation of the request ID is done."
|
|
},
|
|
"force_authn": {
|
|
"type": "boolean",
|
|
"title": "Force authn",
|
|
"description": "When enabled, the IdP will re-authenticate the user even if a session exists."
|
|
},
|
|
"name_id_policy": {
|
|
"type": "string",
|
|
"enum": [
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:WindowsDomainQualifiedName",
|
|
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
|
|
"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
|
|
],
|
|
"title": "Name id policy",
|
|
"description": "NameID Policy sent to the IdP. Can be unset, in which case no Policy is sent."
|
|
},
|
|
"binding_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"REDIRECT",
|
|
"POST",
|
|
"POST_AUTO"
|
|
],
|
|
"title": "Binding type"
|
|
},
|
|
"verification_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Verification Certificate",
|
|
"description": "When selected, incoming assertion's Signatures will be validated against this certificate. To allow unsigned Requests, leave on default."
|
|
},
|
|
"signing_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Signing Keypair",
|
|
"description": "Keypair used to sign outgoing Responses going to the Identity Provider."
|
|
},
|
|
"digest_algorithm": {
|
|
"type": "string",
|
|
"enum": [
|
|
"http://www.w3.org/2000/09/xmldsig#sha1",
|
|
"http://www.w3.org/2001/04/xmlenc#sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#sha384",
|
|
"http://www.w3.org/2001/04/xmlenc#sha512"
|
|
],
|
|
"title": "Digest algorithm"
|
|
},
|
|
"signature_algorithm": {
|
|
"type": "string",
|
|
"enum": [
|
|
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
|
|
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384",
|
|
"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512",
|
|
"http://www.w3.org/2000/09/xmldsig#dsa-sha1"
|
|
],
|
|
"title": "Signature algorithm"
|
|
},
|
|
"temporary_user_delete_after": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Delete temporary users after",
|
|
"description": "Time offset when temporary users should be deleted. This only applies if your IDP uses the NameID Format 'transient', and the user doesn't log out manually. (Format: hours=1;minutes=2;seconds=3)."
|
|
},
|
|
"encryption_kp": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Encryption Keypair",
|
|
"description": "When selected, incoming assertions are encrypted by the IdP using the public key of the encryption keypair. The assertion is decrypted by the SP using the the private key."
|
|
},
|
|
"signed_assertion": {
|
|
"type": "boolean",
|
|
"title": "Signed assertion"
|
|
},
|
|
"signed_response": {
|
|
"type": "boolean",
|
|
"title": "Signed response"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_saml.samlsource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_samlsource",
|
|
"change_samlsource",
|
|
"delete_samlsource",
|
|
"view_samlsource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_saml.samlsourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_saml.samlsourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_samlsourcepropertymapping",
|
|
"change_samlsourcepropertymapping",
|
|
"delete_samlsourcepropertymapping",
|
|
"view_samlsourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_saml.usersamlsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_saml.usersamlsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_usersamlsourceconnection",
|
|
"change_usersamlsourceconnection",
|
|
"delete_usersamlsourceconnection",
|
|
"view_usersamlsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_scim.scimsource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_scim.scimsource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_scimsource",
|
|
"change_scimsource",
|
|
"delete_scimsource",
|
|
"view_scimsource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_scim.scimsourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_scim.scimsourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_scimsourcepropertymapping",
|
|
"change_scimsourcepropertymapping",
|
|
"delete_scimsourcepropertymapping",
|
|
"view_scimsourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_telegram.grouptelegramsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Group"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_telegram.grouptelegramsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_grouptelegramsourceconnection",
|
|
"change_grouptelegramsourceconnection",
|
|
"delete_grouptelegramsourceconnection",
|
|
"view_grouptelegramsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_telegram.telegramsource": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "Source's display Name."
|
|
},
|
|
"slug": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Slug",
|
|
"description": "Internal source name, used in URLs."
|
|
},
|
|
"enabled": {
|
|
"type": "boolean",
|
|
"title": "Enabled"
|
|
},
|
|
"promoted": {
|
|
"type": "boolean",
|
|
"title": "Promoted",
|
|
"description": "When enabled, this source will be displayed as a prominent button on the login page, instead of a small icon."
|
|
},
|
|
"authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Authentication flow",
|
|
"description": "Flow to use when authenticating existing users."
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Flow to use when enrolling new users."
|
|
},
|
|
"user_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "User property mappings"
|
|
},
|
|
"group_property_mappings": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Group property mappings"
|
|
},
|
|
"policy_engine_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"all",
|
|
"any"
|
|
],
|
|
"title": "Policy engine mode"
|
|
},
|
|
"user_matching_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"identifier",
|
|
"email_link",
|
|
"email_deny",
|
|
"username_link",
|
|
"username_deny"
|
|
],
|
|
"title": "User matching mode",
|
|
"description": "How the source determines if an existing user should be authenticated or a new user enrolled."
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "User path template"
|
|
},
|
|
"icon": {
|
|
"type": "string",
|
|
"title": "Icon"
|
|
},
|
|
"bot_username": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Bot username",
|
|
"description": "Telegram bot username"
|
|
},
|
|
"bot_token": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Bot token",
|
|
"description": "Telegram bot token"
|
|
},
|
|
"request_message_access": {
|
|
"type": "boolean",
|
|
"title": "Request message access",
|
|
"description": "Request access to send messages from your bot."
|
|
},
|
|
"pre_authentication_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Pre authentication flow",
|
|
"description": "Flow used before authentication."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_telegram.telegramsource_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_telegramsource",
|
|
"change_telegramsource",
|
|
"delete_telegramsource",
|
|
"view_telegramsource"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_telegram.telegramsourcepropertymapping": {
|
|
"type": "object",
|
|
"properties": {
|
|
"managed": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Managed by authentik",
|
|
"description": "Objects that are managed by authentik. These objects are created and updated automatically. This flag only indicates that an object can be overwritten by migrations. You can still modify the objects via the API, but expect changes to be overwritten in a later update."
|
|
},
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expression": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_telegram.telegramsourcepropertymapping_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_telegramsourcepropertymapping",
|
|
"change_telegramsourcepropertymapping",
|
|
"delete_telegramsourcepropertymapping",
|
|
"view_telegramsourcepropertymapping"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_sources_telegram.usertelegramsourceconnection": {
|
|
"type": "object",
|
|
"properties": {
|
|
"user": {
|
|
"type": "integer",
|
|
"title": "User"
|
|
},
|
|
"source": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Source"
|
|
},
|
|
"identifier": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Identifier"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_sources_telegram.usertelegramsourceconnection_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_usertelegramsourceconnection",
|
|
"change_usertelegramsourceconnection",
|
|
"delete_usertelegramsourceconnection",
|
|
"view_usertelegramsourceconnection"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_duo.authenticatorduostage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"client_id": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Client id"
|
|
},
|
|
"client_secret": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Client secret"
|
|
},
|
|
"api_hostname": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Api hostname"
|
|
},
|
|
"admin_integration_key": {
|
|
"type": "string",
|
|
"title": "Admin integration key"
|
|
},
|
|
"admin_secret_key": {
|
|
"type": "string",
|
|
"title": "Admin secret key"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_duo.authenticatorduostage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatorduostage",
|
|
"change_authenticatorduostage",
|
|
"delete_authenticatorduostage",
|
|
"view_authenticatorduostage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_duo.duodevice": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 64,
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "The human-readable name of this device."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_duo.duodevice_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_duodevice",
|
|
"change_duodevice",
|
|
"delete_duodevice",
|
|
"view_duodevice"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_email.authenticatoremailstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"use_global_settings": {
|
|
"type": "boolean",
|
|
"title": "Use global settings",
|
|
"description": "When enabled, global Email connection settings will be used and connection settings below will be ignored."
|
|
},
|
|
"host": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Host"
|
|
},
|
|
"port": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Port"
|
|
},
|
|
"username": {
|
|
"type": "string",
|
|
"title": "Username"
|
|
},
|
|
"password": {
|
|
"type": "string",
|
|
"title": "Password"
|
|
},
|
|
"use_tls": {
|
|
"type": "boolean",
|
|
"title": "Use tls"
|
|
},
|
|
"use_ssl": {
|
|
"type": "boolean",
|
|
"title": "Use ssl"
|
|
},
|
|
"timeout": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Timeout"
|
|
},
|
|
"from_address": {
|
|
"type": "string",
|
|
"format": "email",
|
|
"maxLength": 254,
|
|
"minLength": 1,
|
|
"title": "From address"
|
|
},
|
|
"subject": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Subject"
|
|
},
|
|
"token_expiry": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Token expiry",
|
|
"description": "Time the token sent is valid (Format: hours=3,minutes=17,seconds=300)."
|
|
},
|
|
"template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Template"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_email.authenticatoremailstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatoremailstage",
|
|
"change_authenticatoremailstage",
|
|
"delete_authenticatoremailstage",
|
|
"view_authenticatoremailstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_email.emaildevice": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 64,
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "The human-readable name of this device."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_email.emaildevice_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_emaildevice",
|
|
"change_emaildevice",
|
|
"delete_emaildevice",
|
|
"view_emaildevice"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_sms.authenticatorsmsstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"provider": {
|
|
"type": "string",
|
|
"enum": [
|
|
"twilio",
|
|
"generic"
|
|
],
|
|
"title": "Provider"
|
|
},
|
|
"from_number": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "From number"
|
|
},
|
|
"account_sid": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Account sid"
|
|
},
|
|
"auth": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Auth"
|
|
},
|
|
"auth_password": {
|
|
"type": "string",
|
|
"title": "Auth password"
|
|
},
|
|
"auth_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"basic",
|
|
"bearer"
|
|
],
|
|
"title": "Auth type"
|
|
},
|
|
"verify_only": {
|
|
"type": "boolean",
|
|
"title": "Verify only",
|
|
"description": "When enabled, the Phone number is only used during enrollment to verify the users authenticity. Only a hash of the phone number is saved to ensure it is not reused in the future."
|
|
},
|
|
"mapping": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Mapping",
|
|
"description": "Optionally modify the payload being sent to custom providers."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_sms.authenticatorsmsstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatorsmsstage",
|
|
"change_authenticatorsmsstage",
|
|
"delete_authenticatorsmsstage",
|
|
"view_authenticatorsmsstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_sms.smsdevice": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 64,
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "The human-readable name of this device."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_sms.smsdevice_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_smsdevice",
|
|
"change_smsdevice",
|
|
"delete_smsdevice",
|
|
"view_smsdevice"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_static.authenticatorstaticstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"token_count": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Token count"
|
|
},
|
|
"token_length": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 100,
|
|
"title": "Token length"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_static.authenticatorstaticstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatorstaticstage",
|
|
"change_authenticatorstaticstage",
|
|
"delete_authenticatorstaticstage",
|
|
"view_authenticatorstaticstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_static.staticdevice": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 64,
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "The human-readable name of this device."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_static.staticdevice_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_staticdevice",
|
|
"change_staticdevice",
|
|
"delete_staticdevice",
|
|
"view_staticdevice"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_totp.authenticatortotpstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"digits": {
|
|
"type": "string",
|
|
"enum": [
|
|
"6",
|
|
"8"
|
|
],
|
|
"title": "Digits"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_totp.authenticatortotpstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatortotpstage",
|
|
"change_authenticatortotpstage",
|
|
"delete_authenticatortotpstage",
|
|
"view_authenticatortotpstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_totp.totpdevice": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 64,
|
|
"minLength": 1,
|
|
"title": "Name",
|
|
"description": "The human-readable name of this device."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_totp.totpdevice_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_totpdevice",
|
|
"change_totpdevice",
|
|
"delete_totpdevice",
|
|
"view_totpdevice"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_validate.authenticatorvalidatestage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"not_configured_action": {
|
|
"type": "string",
|
|
"enum": [
|
|
"skip",
|
|
"deny",
|
|
"configure"
|
|
],
|
|
"title": "Not configured action"
|
|
},
|
|
"device_classes": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"static",
|
|
"totp",
|
|
"webauthn",
|
|
"duo",
|
|
"sms",
|
|
"email"
|
|
],
|
|
"title": "Device classes"
|
|
},
|
|
"title": "Device classes",
|
|
"description": "Device classes which can be used to authenticate"
|
|
},
|
|
"configuration_stages": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
|
|
},
|
|
"title": "Configuration stages",
|
|
"description": "Stages used to configure Authenticator when user doesn't have any compatible devices. After this configuration Stage passes, the user is not prompted again."
|
|
},
|
|
"last_auth_threshold": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Last auth threshold",
|
|
"description": "If any of the user's device has been used within this threshold, this stage will be skipped"
|
|
},
|
|
"webauthn_user_verification": {
|
|
"type": "string",
|
|
"enum": [
|
|
"required",
|
|
"preferred",
|
|
"discouraged"
|
|
],
|
|
"title": "Webauthn user verification",
|
|
"description": "Enforce user verification for WebAuthn devices."
|
|
},
|
|
"webauthn_hints": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"security-key",
|
|
"client-device",
|
|
"hybrid"
|
|
],
|
|
"title": "Webauthn hints"
|
|
},
|
|
"title": "Webauthn hints"
|
|
},
|
|
"webauthn_allowed_device_types": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Webauthn allowed device types"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_validate.authenticatorvalidatestage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatorvalidatestage",
|
|
"change_authenticatorvalidatestage",
|
|
"delete_authenticatorvalidatestage",
|
|
"view_authenticatorvalidatestage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_webauthn.authenticatorwebauthnstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"friendly_name": {
|
|
"type": "string",
|
|
"title": "Friendly name"
|
|
},
|
|
"user_verification": {
|
|
"type": "string",
|
|
"enum": [
|
|
"required",
|
|
"preferred",
|
|
"discouraged"
|
|
],
|
|
"title": "User verification"
|
|
},
|
|
"authenticator_attachment": {
|
|
"type": [
|
|
"null",
|
|
"string"
|
|
],
|
|
"enum": [
|
|
null,
|
|
"platform",
|
|
"cross-platform"
|
|
],
|
|
"title": "Authenticator attachment"
|
|
},
|
|
"resident_key_requirement": {
|
|
"type": "string",
|
|
"enum": [
|
|
"discouraged",
|
|
"preferred",
|
|
"required"
|
|
],
|
|
"title": "Resident key requirement"
|
|
},
|
|
"hints": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"security-key",
|
|
"client-device",
|
|
"hybrid"
|
|
],
|
|
"title": "Hints"
|
|
},
|
|
"title": "Hints"
|
|
},
|
|
"device_type_restrictions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Device type restrictions"
|
|
},
|
|
"prevent_duplicate_devices": {
|
|
"type": "boolean",
|
|
"title": "Prevent duplicate devices",
|
|
"description": "When enabled, a given device can only be registered once."
|
|
},
|
|
"max_attempts": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Max attempts"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_webauthn.authenticatorwebauthnstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_authenticatorwebauthnstage",
|
|
"change_authenticatorwebauthnstage",
|
|
"delete_authenticatorwebauthnstage",
|
|
"view_authenticatorwebauthnstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_authenticator_webauthn.webauthndevice": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"maxLength": 200,
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_authenticator_webauthn.webauthndevice_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_webauthndevice",
|
|
"change_webauthndevice",
|
|
"delete_webauthndevice",
|
|
"view_webauthndevice"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_captcha.captchastage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"public_key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Public key",
|
|
"description": "Public key, acquired your captcha Provider."
|
|
},
|
|
"private_key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Private key",
|
|
"description": "Private key, acquired your captcha Provider."
|
|
},
|
|
"js_url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Js url"
|
|
},
|
|
"api_url": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Api url"
|
|
},
|
|
"interactive": {
|
|
"type": "boolean",
|
|
"title": "Interactive"
|
|
},
|
|
"score_min_threshold": {
|
|
"type": "number",
|
|
"title": "Score min threshold"
|
|
},
|
|
"score_max_threshold": {
|
|
"type": "number",
|
|
"title": "Score max threshold"
|
|
},
|
|
"error_on_invalid_score": {
|
|
"type": "boolean",
|
|
"title": "Error on invalid score",
|
|
"description": "When enabled and the received captcha score is outside of the given threshold, the stage will show an error message. When not enabled, the flow will continue, but the data from the captcha will be available in the context for policy decisions"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_captcha.captchastage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_captchastage",
|
|
"change_captchastage",
|
|
"delete_captchastage",
|
|
"view_captchastage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_consent.consentstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"always_require",
|
|
"permanent",
|
|
"expiring"
|
|
],
|
|
"title": "Mode"
|
|
},
|
|
"consent_expire_in": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Consent expires in",
|
|
"description": "Offset after which consent expires. (Format: hours=1;minutes=2;seconds=3)."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_consent.consentstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_consentstage",
|
|
"change_consentstage",
|
|
"delete_consentstage",
|
|
"view_consentstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_deny.denystage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"deny_message": {
|
|
"type": "string",
|
|
"title": "Deny message"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_deny.denystage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_denystage",
|
|
"change_denystage",
|
|
"delete_denystage",
|
|
"view_denystage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_dummy.dummystage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"throw_error": {
|
|
"type": "boolean",
|
|
"title": "Throw error"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_dummy.dummystage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_dummystage",
|
|
"change_dummystage",
|
|
"delete_dummystage",
|
|
"view_dummystage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_email.emailstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"use_global_settings": {
|
|
"type": "boolean",
|
|
"title": "Use global settings",
|
|
"description": "When enabled, global Email connection settings will be used and connection settings below will be ignored."
|
|
},
|
|
"host": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Host"
|
|
},
|
|
"port": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Port"
|
|
},
|
|
"username": {
|
|
"type": "string",
|
|
"title": "Username"
|
|
},
|
|
"password": {
|
|
"type": "string",
|
|
"title": "Password"
|
|
},
|
|
"use_tls": {
|
|
"type": "boolean",
|
|
"title": "Use tls"
|
|
},
|
|
"use_ssl": {
|
|
"type": "boolean",
|
|
"title": "Use ssl"
|
|
},
|
|
"timeout": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Timeout"
|
|
},
|
|
"from_address": {
|
|
"type": "string",
|
|
"format": "email",
|
|
"maxLength": 254,
|
|
"minLength": 1,
|
|
"title": "From address"
|
|
},
|
|
"token_expiry": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Token expiry",
|
|
"description": "Time the token sent is valid (Format: hours=3,minutes=17,seconds=300)."
|
|
},
|
|
"subject": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Subject"
|
|
},
|
|
"template": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Template"
|
|
},
|
|
"activate_user_on_success": {
|
|
"type": "boolean",
|
|
"title": "Activate user on success",
|
|
"description": "Activate users upon completion of stage."
|
|
},
|
|
"recovery_max_attempts": {
|
|
"type": "integer",
|
|
"minimum": 0,
|
|
"maximum": 2147483647,
|
|
"title": "Recovery max attempts"
|
|
},
|
|
"recovery_cache_timeout": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Recovery cache timeout",
|
|
"description": "The time window used to count recent account recovery attempts. If the number of attempts exceed recovery_max_attempts within this period, further attempts will be rate-limited. (Format: hours=1;minutes=2;seconds=3)."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_email.emailstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_emailstage",
|
|
"change_emailstage",
|
|
"delete_emailstage",
|
|
"view_emailstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_identification.identificationstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"user_fields": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"email",
|
|
"username",
|
|
"upn"
|
|
],
|
|
"title": "User fields"
|
|
},
|
|
"title": "User fields",
|
|
"description": "Fields of the user object to match against. (Hold shift to select multiple options)"
|
|
},
|
|
"password_stage": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Password stage",
|
|
"description": "When set, shows a password field, instead of showing the password field as separate step."
|
|
},
|
|
"captcha_stage": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Captcha stage",
|
|
"description": "When set, adds functionality exactly like a Captcha stage, but baked into the Identification stage."
|
|
},
|
|
"case_insensitive_matching": {
|
|
"type": "boolean",
|
|
"title": "Case insensitive matching",
|
|
"description": "When enabled, user fields are matched regardless of their casing."
|
|
},
|
|
"show_matched_user": {
|
|
"type": "boolean",
|
|
"title": "Show matched user",
|
|
"description": "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown"
|
|
},
|
|
"enrollment_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Enrollment flow",
|
|
"description": "Optional enrollment flow, which is linked at the bottom of the page."
|
|
},
|
|
"recovery_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Recovery flow",
|
|
"description": "Optional recovery flow, which is linked at the bottom of the page."
|
|
},
|
|
"passwordless_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Passwordless flow",
|
|
"description": "Optional passwordless flow, which is linked at the bottom of the page."
|
|
},
|
|
"sources": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"description": "Specify which sources should be shown."
|
|
},
|
|
"title": "Sources",
|
|
"description": "Specify which sources should be shown."
|
|
},
|
|
"show_source_labels": {
|
|
"type": "boolean",
|
|
"title": "Show source labels"
|
|
},
|
|
"pretend_user_exists": {
|
|
"type": "boolean",
|
|
"title": "Pretend user exists",
|
|
"description": "When enabled, the stage will succeed and continue even when incorrect user info is entered."
|
|
},
|
|
"enable_remember_me": {
|
|
"type": "boolean",
|
|
"title": "Enable remember me",
|
|
"description": "Show the user the 'Remember me on this device' toggle, allowing repeat users to skip straight to entering their password."
|
|
},
|
|
"webauthn_stage": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Webauthn stage",
|
|
"description": "When set, and conditional WebAuthn is available, allow the user to use their passkey as a first factor."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_identification.identificationstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_identificationstage",
|
|
"change_identificationstage",
|
|
"delete_identificationstage",
|
|
"view_identificationstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_invitation.invitation": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"expires": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"format": "date-time",
|
|
"title": "Expires"
|
|
},
|
|
"fixed_data": {
|
|
"type": "object",
|
|
"additionalProperties": true,
|
|
"title": "Fixed data"
|
|
},
|
|
"created_by": {
|
|
"type": "integer",
|
|
"title": "Created by"
|
|
},
|
|
"single_use": {
|
|
"type": "boolean",
|
|
"title": "Single use",
|
|
"description": "When enabled, the invitation will be deleted after usage."
|
|
},
|
|
"flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Flow",
|
|
"description": "When set, only the configured flow can use this invitation."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_invitation.invitation_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_invitation",
|
|
"change_invitation",
|
|
"delete_invitation",
|
|
"view_invitation"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_invitation.invitationstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"continue_flow_without_invitation": {
|
|
"type": "boolean",
|
|
"title": "Continue flow without invitation",
|
|
"description": "If this flag is set, this Stage will jump to the next Stage when no Invitation is given. By default this Stage will cancel the Flow when no invitation is given."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_invitation.invitationstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_invitationstage",
|
|
"change_invitationstage",
|
|
"delete_invitationstage",
|
|
"view_invitationstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_password.passwordstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"backends": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"enum": [
|
|
"authentik.core.auth.InbuiltBackend",
|
|
"authentik.core.auth.TokenBackend",
|
|
"authentik.sources.ldap.auth.LDAPBackend",
|
|
"authentik.sources.kerberos.auth.KerberosBackend"
|
|
],
|
|
"title": "Backends"
|
|
},
|
|
"title": "Backends",
|
|
"description": "Selection of backends to test the password against."
|
|
},
|
|
"configure_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Configure flow",
|
|
"description": "Flow used by an authenticated user to configure this Stage. If empty, user will not be able to configure this stage."
|
|
},
|
|
"failed_attempts_before_cancel": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Failed attempts before cancel",
|
|
"description": "How many attempts a user has before the flow is canceled. To lock the user out, use a reputation policy and a user_write stage."
|
|
},
|
|
"allow_show_password": {
|
|
"type": "boolean",
|
|
"title": "Allow show password",
|
|
"description": "When enabled, provides a 'show password' button with the password input field."
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_password.passwordstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_passwordstage",
|
|
"change_passwordstage",
|
|
"delete_passwordstage",
|
|
"view_passwordstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_prompt.prompt": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"field_key": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Field key",
|
|
"description": "Name of the form field, also used to store the value"
|
|
},
|
|
"label": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Label"
|
|
},
|
|
"type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"text",
|
|
"text_area",
|
|
"text_read_only",
|
|
"text_area_read_only",
|
|
"username",
|
|
"email",
|
|
"password",
|
|
"number",
|
|
"checkbox",
|
|
"radio-button-group",
|
|
"dropdown",
|
|
"date",
|
|
"date-time",
|
|
"file",
|
|
"separator",
|
|
"hidden",
|
|
"static",
|
|
"ak-locale"
|
|
],
|
|
"title": "Type"
|
|
},
|
|
"required": {
|
|
"type": "boolean",
|
|
"title": "Required"
|
|
},
|
|
"placeholder": {
|
|
"type": "string",
|
|
"title": "Placeholder",
|
|
"description": "Optionally provide a short hint that describes the expected input value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple choices."
|
|
},
|
|
"initial_value": {
|
|
"type": "string",
|
|
"title": "Initial value",
|
|
"description": "Optionally pre-fill the input with an initial value. When creating a fixed choice field, enable interpreting as expression and return a list to return multiple default choices."
|
|
},
|
|
"order": {
|
|
"type": "integer",
|
|
"minimum": -2147483648,
|
|
"maximum": 2147483647,
|
|
"title": "Order"
|
|
},
|
|
"sub_text": {
|
|
"type": "string",
|
|
"title": "Sub text"
|
|
},
|
|
"placeholder_expression": {
|
|
"type": "boolean",
|
|
"title": "Placeholder expression"
|
|
},
|
|
"initial_value_expression": {
|
|
"type": "boolean",
|
|
"title": "Initial value expression"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_prompt.prompt_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_prompt",
|
|
"change_prompt",
|
|
"delete_prompt",
|
|
"view_prompt"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_prompt.promptstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"fields": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Fields"
|
|
},
|
|
"validation_policies": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string",
|
|
"format": "uuid"
|
|
},
|
|
"title": "Validation policies"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_prompt.promptstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_promptstage",
|
|
"change_promptstage",
|
|
"delete_promptstage",
|
|
"view_promptstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_redirect.redirectstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"keep_context": {
|
|
"type": "boolean",
|
|
"title": "Keep context"
|
|
},
|
|
"mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"static",
|
|
"flow"
|
|
],
|
|
"title": "Mode"
|
|
},
|
|
"target_static": {
|
|
"type": "string",
|
|
"title": "Target static"
|
|
},
|
|
"target_flow": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Target flow"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_redirect.redirectstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_redirectstage",
|
|
"change_redirectstage",
|
|
"delete_redirectstage",
|
|
"view_redirectstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_user_delete.userdeletestage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_user_delete.userdeletestage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userdeletestage",
|
|
"change_userdeletestage",
|
|
"delete_userdeletestage",
|
|
"view_userdeletestage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_user_login.userloginstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"session_duration": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Session duration",
|
|
"description": "Determines how long a session lasts. Default of 0 means that the sessions lasts until the browser is closed. (Format: hours=-1;minutes=-2;seconds=-3)"
|
|
},
|
|
"terminate_other_sessions": {
|
|
"type": "boolean",
|
|
"title": "Terminate other sessions",
|
|
"description": "Terminate all other sessions of the user logging in."
|
|
},
|
|
"remember_me_offset": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Remember me offset",
|
|
"description": "Offset the session will be extended by when the user picks the remember me option. Default of 0 means that the remember me option will not be shown. (Format: hours=-1;minutes=-2;seconds=-3)"
|
|
},
|
|
"network_binding": {
|
|
"type": "string",
|
|
"enum": [
|
|
"no_binding",
|
|
"bind_asn",
|
|
"bind_asn_network",
|
|
"bind_asn_network_ip"
|
|
],
|
|
"title": "Network binding",
|
|
"description": "Bind sessions created by this stage to the configured network"
|
|
},
|
|
"geoip_binding": {
|
|
"type": "string",
|
|
"enum": [
|
|
"no_binding",
|
|
"bind_continent",
|
|
"bind_continent_country",
|
|
"bind_continent_country_city"
|
|
],
|
|
"title": "Geoip binding",
|
|
"description": "Bind sessions created by this stage to the configured GeoIP location"
|
|
},
|
|
"remember_device": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Remember device",
|
|
"description": "When set to a non-zero value, authentik will save a cookie with a longer expiry,to remember the device the user is logging in from. (Format: hours=-1;minutes=-2;seconds=-3)"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_user_login.userloginstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userloginstage",
|
|
"change_userloginstage",
|
|
"delete_userloginstage",
|
|
"view_userloginstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_user_logout.userlogoutstage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_user_logout.userlogoutstage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userlogoutstage",
|
|
"change_userlogoutstage",
|
|
"delete_userlogoutstage",
|
|
"view_userlogoutstage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_stages_user_write.userwritestage": {
|
|
"type": "object",
|
|
"properties": {
|
|
"name": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Name"
|
|
},
|
|
"user_creation_mode": {
|
|
"type": "string",
|
|
"enum": [
|
|
"never_create",
|
|
"create_when_required",
|
|
"always_create"
|
|
],
|
|
"title": "User creation mode"
|
|
},
|
|
"create_users_as_inactive": {
|
|
"type": "boolean",
|
|
"title": "Create users as inactive",
|
|
"description": "When set, newly created users are inactive and cannot login."
|
|
},
|
|
"create_users_group": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Create users group",
|
|
"description": "Optionally add newly created users to this group."
|
|
},
|
|
"user_type": {
|
|
"type": "string",
|
|
"enum": [
|
|
"internal",
|
|
"external",
|
|
"service_account",
|
|
"internal_service_account"
|
|
],
|
|
"title": "User type"
|
|
},
|
|
"user_path_template": {
|
|
"type": "string",
|
|
"title": "User path template"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_stages_user_write.userwritestage_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_userwritestage",
|
|
"change_userwritestage",
|
|
"delete_userwritestage",
|
|
"view_userwritestage"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_tasks_schedules.schedule": {
|
|
"type": "object",
|
|
"properties": {
|
|
"rel_obj_id": {
|
|
"type": [
|
|
"string",
|
|
"null"
|
|
],
|
|
"minLength": 1,
|
|
"title": "Rel obj id"
|
|
},
|
|
"crontab": {
|
|
"type": "string",
|
|
"minLength": 1,
|
|
"title": "Crontab",
|
|
"description": "When to schedule tasks"
|
|
},
|
|
"paused": {
|
|
"type": "boolean",
|
|
"title": "Paused",
|
|
"description": "Pause this schedule"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_tasks_schedules.schedule_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"change_schedule",
|
|
"send_schedule",
|
|
"view_schedule"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
},
|
|
"model_authentik_tenants.domain": {
|
|
"type": "object",
|
|
"properties": {
|
|
"domain": {
|
|
"type": "string",
|
|
"maxLength": 253,
|
|
"minLength": 1,
|
|
"title": "Domain"
|
|
},
|
|
"is_primary": {
|
|
"type": "boolean",
|
|
"title": "Is primary"
|
|
},
|
|
"tenant": {
|
|
"type": "string",
|
|
"format": "uuid",
|
|
"title": "Tenant"
|
|
}
|
|
},
|
|
"required": []
|
|
},
|
|
"model_authentik_tenants.domain_permissions": {
|
|
"type": "array",
|
|
"items": {
|
|
"type": "object",
|
|
"required": [
|
|
"permission"
|
|
],
|
|
"properties": {
|
|
"permission": {
|
|
"type": "string",
|
|
"enum": [
|
|
"add_domain",
|
|
"change_domain",
|
|
"delete_domain",
|
|
"view_domain"
|
|
]
|
|
},
|
|
"user": {
|
|
"type": "integer"
|
|
},
|
|
"role": {
|
|
"type": "string"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |